GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
430 advisories
SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB
Moderate
CVE-2026-32704
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 13, 2026
OpenClaw: Feishu reaction events could bypass group authorization and mention gating
Moderate
GHSA-m69h-jm2f-2pv8
was published
for
openclaw
(npm)
Mar 13, 2026
OpenClaw's system.run approvals did not bind mutable script operands across approval and execution
Moderate
GHSA-8g75-q649-6pv6
was published
for
openclaw
(npm)
Mar 12, 2026
OneUptime has WhatsApp Resend Verification Authorization Bypass
Moderate
CVE-2026-30959
was published
for
@oneuptime/common
(npm)
Mar 10, 2026
OpenClaw has an opt-in insecure Control UI auth over plaintext HTTP could allow privileged access
Moderate
CVE-2026-32034
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw DM pairing-store identities could satisfy group allowlist authorization
Moderate
CVE-2026-32027
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: Node exec approvals could be replayed across nodes
Moderate
GHSA-6x2m-hqfw-hvpj
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering
Moderate
CVE-2026-28450
was published
for
openclaw
(npm)
Feb 17, 2026
phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)
Moderate
CVE-2026-24421
was published
for
phpmyfaq/phpmyfaq
(Composer)
Jan 23, 2026
ProTip!
Advisories are also available from the
GraphQL API