GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
60 advisories
OpenClaw has a IPv6 multicast SSRF classifier bypass
Moderate
GHSA-h97f-6pqj-q452
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback)
Moderate
CVE-2026-32896
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw vulnerable to sensitive file disclosure via stageSandboxMedia
High
CVE-2026-32030
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths
High
CVE-2026-32036
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes
Moderate
CVE-2026-32045
was published
for
openclaw
(npm)
Mar 3, 2026
Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER
High
GHSA-97f8-7cmv-76j2
was published
for
picklescan
(pip)
Feb 18, 2026
OpenClaw has two SSRF via sendMediaFeishu and markdown image fetching in Feishu extension
High
CVE-2026-28451
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw has a LFI in BlueBubbles media path handling
High
CVE-2026-29611
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension
High
CVE-2026-26321
was published
for
openclaw
(npm)
Feb 17, 2026
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
High
CVE-2023-49781
was published
for
nocodb
(npm)
May 13, 2024
ProTip!
Advisories are also available from the
GraphQL API