GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 46
GitHub Actions: 47
Go: 3,340
Maven: 5,000+
npm: 5,000+
NuGet: 881
pip: 4,549
Pub: 12
RubyGems: 1,012
Rust: 1,202
Swift: 51

Unreviewed advisories
All unreviewed: 5,000+
440 advisories
OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision
Moderate | GHSA-rqp8-q22p-5j9q was published for openclaw (npm) | Mar 26, 2026

OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions
Moderate | GHSA-x2cm-hg9c-mf5w was published for openclaw (npm) | Mar 26, 2026

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the...
Moderate | Unreviewed | CVE-2026-21724 was published | Mar 26, 2026

OpenClaw: Mattermost callback dispatch allowed non-allowlisted sender actions
Moderate | GHSA-8883-9w57-vwv6 was published for openclaw (npm) | Mar 26, 2026

A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Tahoe 26.4....
Moderate | Unreviewed | CVE-2026-28881 was published | Mar 25, 2026

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.5, macOS...
Moderate | Unreviewed | CVE-2026-28839 was published | Mar 25, 2026

An authorization issue was addressed with improved state management. This issue is fixed in macOS...
Moderate | Unreviewed | CVE-2026-28845 was published | Mar 25, 2026

NATS JetStream has an authorization bypass through its Management API
Moderate | CVE-2026-33222 was published for github.com/nats-io/nats-server (Go) | Mar 24, 2026

Craft CMS has an authorization bypass which allows any control panel user to move entries without permissions
Moderate | CVE-2026-33162 was published for craftcms/cms (Composer) | Mar 24, 2026

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews,...
Moderate | Unreviewed | CVE-2025-10731 was published | Mar 23, 2026

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews,...
Moderate | Unreviewed | CVE-2025-10736 was published | Mar 23, 2026

A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the...
Moderate | Unreviewed | CVE-2026-4563 was published | Mar 23, 2026

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-2294 was published | Mar 21, 2026

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1....
Moderate | Unreviewed | CVE-2026-4171 was published | Mar 16, 2026

SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB
Moderate | CVE-2026-32704 was published for github.com/siyuan-note/siyuan/kernel (Go) | Mar 13, 2026

OpenClaw: Feishu reaction events could bypass group authorization and mention gating
Moderate | GHSA-m69h-jm2f-2pv8 was published for openclaw (npm) | Mar 13, 2026

OpenClaw's system.run approvals did not bind mutable script operands across approval and execution
Moderate | GHSA-8g75-q649-6pv6 was published for openclaw (npm) | Mar 12, 2026

OneUptime has WhatsApp Resend Verification Authorization Bypass
Moderate | CVE-2026-30959 was published for @oneuptime/common (npm) | Mar 10, 2026

PowerSync: Some sync filters ignored on 1.20.0 using `config.edition: 3`
Moderate | CVE-2026-30870 was published for @powersync/service-core (npm) | Mar 7, 2026

Kimai's API invoice endpoint missing customer-level access control (IDOR)
Moderate | CVE-2026-28685 was published for kimai/kimai (Composer) | Mar 4, 2026

OpenClaw has an opt-in insecure Control UI auth over plaintext HTTP could allow privileged access
Moderate | CVE-2026-32034 was published for openclaw (npm) | Mar 3, 2026

OpenClaw: Node exec approvals could be replayed across nodes
Moderate | GHSA-6x2m-hqfw-hvpj was published for openclaw (npm) | Mar 2, 2026

The The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data...
Moderate | Unreviewed | CVE-2026-2694 was published | Feb 26, 2026

A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown...
Moderate | Unreviewed | CVE-2026-3185 was published | Feb 25, 2026

A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the...
Moderate | Unreviewed | CVE-2025-15582 was published | Feb 20, 2026

ProTip! Advisories are also available from the GraphQL API.