Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15 advisories

Loading
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue High
CVE-2023-49781 was published for nocodb (npm) May 13, 2024
zpbrent Credited to zpbrent
OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension High
CVE-2026-26321 was published for openclaw (npm) Feb 17, 2026
zpbrent Credited to zpbrent
OpenClaw has a LFI in BlueBubbles media path handling High
CVE-2026-29611 was published for openclaw (npm) Feb 18, 2026
zpbrent Credited to zpbrent
OpenClaw has two SSRF via sendMediaFeishu and markdown image fetching in Feishu extension High
CVE-2026-28451 was published for openclaw (npm) Feb 18, 2026
zpbrent Credited to zpbrent
OpenClaw vulnerable to sensitive file disclosure via stageSandboxMedia High
CVE-2026-32030 was published for openclaw (npm) Mar 3, 2026
zpbrent Credited to zpbrent
OpenClaw: Gateway HTTP /sessions/:sessionKey/kill Reaches Admin Kill Path Without Caller Scope Binding High
GHSA-9p93-7j67-5pc2 was published for openclaw (npm) Mar 27, 2026
zpbrent Credited to zpbrent
zpbrent Credited to zpbrent
OpenClaw Gateway `operator.write` can reach admin-only session reset via `chat.send` `/reset` High
GHSA-5r8f-96gm-5j6g was published for openclaw (npm) Apr 1, 2026
zpbrent Credited to zpbrent
zpbrent Credited to zpbrent
zpbrent Credited to zpbrent
OpenClaw has Inconsistent Host Exec Environment Override Sanitization High
CVE-2026-35650 was published for openclaw (npm) Mar 26, 2026
zpbrent Credited to zpbrent
zpbrent Credited to zpbrent
OpenClaw: Matrix profile config persistence was reachable from operator.write message tools High
CVE-2026-42433 was published for openclaw (npm) Apr 17, 2026
zpbrent Credited to zpbrent
OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins High
CVE-2026-43569 was published for openclaw (npm) Apr 17, 2026
zpbrent Credited to zpbrent
zpbrent Credited to zpbrent
ProTip! Advisories are also available from the GraphQL API