GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,894 advisories
A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is...
Moderate | Unreviewed | CVE-2026-1742 was published Feb 2, 2026

A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile...
Moderate | Unreviewed | CVE-2026-3748 was published Mar 8, 2026

An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may...
Moderate | Unreviewed | CVE-2026-22628 was published Mar 10, 2026

OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions
Moderate | GHSA-9q36-67vc-rrwg was published for openclaw (npm) Mar 9, 2026

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected...
Moderate | Unreviewed | CVE-2026-3800 was published Mar 9, 2026

Gokapi has privilege escalation via incomplete API-key permission revocation on user rank demotion
Moderate | CVE-2026-29061 was published for github.com/forceu/gokapi (Go) Mar 5, 2026

Gokapi has Data Leak in Upload Status Stream
Moderate | CVE-2026-28682 was published for github.com/forceu/gokapi (Go) Mar 5, 2026

A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the...
Moderate | Unreviewed | CVE-2026-1061 was published Jan 17, 2026

A vulnerability was found in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0...
Moderate | Unreviewed | CVE-2025-15448 was published Jan 5, 2026

Gokapi has privilege escalation with auth token
Moderate | CVE-2026-29060 was published for github.com/forceu/gokapi (Go) Mar 5, 2026

In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due...
Moderate | Unreviewed | CVE-2026-0012 was published Mar 2, 2026

OpenClaw Telegram allowlist authorization accepted mutable usernames
Moderate | CVE-2026-28480 was published for clawdbot (npm) Feb 18, 2026

OpenClaw's Chrome extension relay binds publicly due to wildcard treated as loopback
Moderate | CVE-2026-28395 was published for openclaw (npm) Feb 17, 2026

OpenClaw's image tool bypasses tools.fs.workspaceOnly on sandbox mount paths and exfiltrates out-of-workspace images
Moderate | GHSA-q6qf-4p5j-r25g was published for openclaw (npm) Mar 4, 2026

A vulnerability in the Snort 2 and Snort 3 deep packet inspection of Cisco Secure Firewall Threat...
Moderate | Unreviewed | CVE-2026-20007 was published Mar 4, 2026

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco...
Moderate | Unreviewed | CVE-2026-20073 was published Mar 4, 2026

OpenClaw's Zalo group sender allowlist bypass permits unauthorized GROUP dispatch
Moderate | GHSA-534w-2vm4-89xr was published for openclaw (npm) Mar 3, 2026

OpenClaw's Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch
Moderate | GHSA-gw85-xp4q-5gp9 was published for openclaw (npm) Mar 3, 2026

OpenClaw: Experimental apply_patch may bypass workspace-only checks in opt-in sandbox mounts (off by default)
Moderate | GHSA-h9xm-j4qg-fvpg was published for openclaw (npm) Mar 3, 2026

Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS...
Moderate | Unreviewed | CVE-2024-55025 was published Mar 3, 2026

Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web...
Moderate | Unreviewed | CVE-2024-55019 was published Mar 3, 2026

OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode
Moderate | GHSA-ccg8-46r6-9qgj was published for openclaw (npm) Mar 3, 2026

A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802...
Moderate | Unreviewed | CVE-2026-2684 was published Feb 19, 2026

Temporary path handling could write outside OpenClaw temp boundary
Moderate | GHSA-33hm-cq8r-wc49 was published for openclaw (npm) Mar 3, 2026

A vulnerability was found in bolo-blog bolo-solo up to 2.6.4. Affected is an unknown function of...
Moderate | Unreviewed | CVE-2026-1813 was published Feb 4, 2026