GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12 advisories
OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure
High severity. GHSA-jccr-rrw2-vc8h was published for openclaw (npm) on Mar 31, 2026.
SVG Dimension Capping Bypass via XML Comment Injection in @dicebear/converter ensureSize()
High severity. CVE-2026-33418 was published for @dicebear/converter (npm) on Mar 20, 2026.
Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation
Moderate severity. CVE-2026-3419 was published for fastify (npm) on Mar 5, 2026.
fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names
Critical severity. CVE-2026-25896 was published for fast-xml-parser (npm) on Feb 20, 2026.
Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing
Moderate severity. CVE-2026-24398 was published for hono (npm) on Jan 27, 2026.
parse-uri Regular expression Denial of Service (ReDoS)
Moderate severity. CVE-2024-36751 was published for parse-uri (npm) on Jan 16, 2025.
Regular Expression Denial of Service in papaparse
High severity. CVE-2020-36649 was published for papaparse (npm) on Sep 4, 2020.
Duplicate Advisory: Regular Expression Denial of Service in braces
Low severity. GHSA-g95f-p29q-9xw4 was published for braces (npm) on Jun 6, 2019 (withdrawn).
uap-core Regular Expression Denial of Service issue
Moderate severity. CVE-2018-20164 was published for uap-core (npm) on Mar 6, 2019.
Regular Expression Denial of Service in sshpk
High severity. CVE-2018-3737 was published for sshpk (npm) on Aug 15, 2018.