Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

30 advisories

Loading
OpenClaw: Active Memory write scope could mutate global config Moderate
CVE-2026-53847 was published for openclaw (npm) Jun 18, 2026
zsxsoft Credited to zsxsoft, KeenSecurityLab, and qclawer KeenSecurityLab KeenSecurityLab
qclawer qclawer
Duplicate Advisory: Active Memory write scope could mutate global config Moderate
GHSA-58wc-8wrv-xp9j was published for openclaw (npm) Jun 16, 2026 withdrawn
OpenClaw: Nostr profile mutation routes allowed operator.write config persistence Moderate
GHSA-f3h5-h452-vp3j was published for openclaw (npm) Apr 17, 2026
zpbrent Credited to zpbrent
OpenClaw: Memory dreaming config persistence was reachable from operator.write commands Moderate
CVE-2026-43568 was published for openclaw (npm) Apr 17, 2026
zpbrent Credited to zpbrent
OpenClaw: Collect-mode queue batches could reuse the last sender authorization context Moderate
CVE-2026-43535 was published for openclaw (npm) Apr 17, 2026
zsxsoft Credited to zsxsoft, KeenSecurityLab, and qclawer KeenSecurityLab KeenSecurityLab
qclawer qclawer
Silverstripe Assets Module has a DBFile::getURL() permission bypass Moderate
CVE-2026-24749 was published for silverstripe/assets (Composer) Apr 16, 2026
OpenClaw: Gateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin` Moderate
CVE-2026-35645 was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
Keycloak: manage-clients permission escalates to full realm admin access Moderate
CVE-2026-3121 was published for org.keycloak:keycloak-services (Maven) Mar 26, 2026
funadmin has Incorrect Privilege Assignment in its Configuration Handler Moderate
CVE-2026-2896 was published for funadmin/funadmin (Composer) Feb 22, 2026
Keycloak Affected by Broken Access Control Vulnerability in the UserManagedPermissionService Moderate
CVE-2025-14778 was published for org.keycloak:keycloak-services (Maven) Feb 9, 2026
eminaktas Credited to eminaktas
sd changes the group ownership of the source file Moderate
CVE-2025-65807 was published for sd (Rust) Dec 10, 2025
NutzBoot Incorrect Privilege Assignment vulnerability Moderate
CVE-2025-13806 was published for org.nutz:nutzboot-parent (Maven) Dec 1, 2025
New authd users logging in via SSH are members of the root group Moderate
CVE-2025-5689 was published for github.com/ubuntu/authd (Go) Jun 16, 2025
pypickle Incorrect Privilege Assignment vulnerability Moderate
CVE-2025-5175 was published for pypickle (pip) May 26, 2025
PrinceRaj-0 Credited to PrinceRaj-0
containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods. Moderate
CVE-2025-47291 was published for github.com/containerd/containerd/v2 (Go) May 21, 2025
rata Credited to rata and rogowski-piotr rogowski-piotr rogowski-piotr
TeamPass mail_me operation authorization issue Moderate
CVE-2024-50702 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
TeamPass does not properly check whether a folder is in a user's allowed folders list Moderate
CVE-2024-50701 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
Hashicorp Nomad Incorrect Privilege Assignment vulnerability Moderate
CVE-2024-12678 was published for github.com/hashicorp/nomad (Go) Dec 20, 2024
Hwameistor Potential Permission Leakage of Cluster Level Moderate
CVE-2024-45054 was published for github.com/hwameistor/hwameistor (Go) Aug 29, 2024
younaman Credited to younaman
Mage AI incorrectly gives privileges to users with deleted accounts Moderate
CVE-2024-45187 was published for mage-ai (pip) Aug 23, 2024
Grafana plugin data sources vulnerable to access control bypass Moderate
CVE-2024-6322 was published for github.com/grafana/grafana (Go) Aug 20, 2024
Kubelet Incorrect Privilege Assignment Moderate
CVE-2019-11245 was published for k8s.io/kubernetes/cmd/kubelet (Go) Apr 24, 2024
Nomad Search API Leaks Information About CSI Plugins Moderate
CVE-2023-3300 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023
anonymous4ACL24 Credited to anonymous4ACL24
Nomad ACL Policies without Label are Applied to Unexpected Resources Moderate
CVE-2023-3072 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023
anonymous4ACL24 Credited to anonymous4ACL24
ProTip! Advisories are also available from the GraphQL API