GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
11 advisories
OpenClaw: Plivo V2 verified replay identity drifts on query-only variants
High | GHSA-cg6c-q2hx-69h7 was published for openclaw (npm) | Mar 26, 2026

OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication
Moderate | GHSA-6mqc-jqh6-x8fc was published for openclaw (npm) | Mar 26, 2026

OpenClaw: Gateway agent /reset exposes admin session reset to operator.write callers
High | GHSA-wq58-2pvg-5h4f was published for openclaw (npm) | Mar 26, 2026

OpenClaw: Zalo webhook replay cache cross-target messageId scope bypass
Low | GHSA-hhq4-97c2-p447 was published for openclaw (npm) | Apr 2, 2026

OpenClaw: Node browser proxy `allowProfiles` bypass through persistent profile mutation and runtime profile selection
High | GHSA-h5hg-h7rr-gpf3 was published for openclaw (npm) | Apr 3, 2026

OpenClaw: Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config
Low | GHSA-3pm9-5j7m-59vc was published for openclaw (npm) | Apr 3, 2026

OpenClaw: Telegram legacy allowFrom migration fans default-account trust into all named accounts
Moderate | GHSA-f693-58pc-2gfr was published for openclaw (npm) | Apr 3, 2026

OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled
Moderate | GHSA-3xv9-89fm-7h4r was published for openclaw (npm) | Apr 3, 2026

OpenClaw: Forged Nostr DMs could create pairing state before signature verification
Moderate | GHSA-h43v-27wg-5mf9 was published for openclaw (npm) | Apr 7, 2026

OpenClaw: Pairing pending-request caps were enforced per channel instead of per account
Moderate | GHSA-wwfp-w96m-c6x8 was published for openclaw (npm) | Apr 7, 2026

OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections
Moderate | GHSA-fh32-73r9-rgh5 was published for openclaw (npm) | Apr 7, 2026