GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
16 advisories
Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115...
Low | Unreviewed | CVE-2026-12032 was published Jun 12, 2026
OpenClaw: Slack thread context could include messages from non-allowlisted senders
Low | CVE-2026-41358 was published for openclaw (npm) May 4, 2026
A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function...
Low | Unreviewed | CVE-2026-7643 was published May 2, 2026
A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the...
Low | Unreviewed | CVE-2026-7581 was published May 1, 2026
Duplicate Advisory: OpenClaw: Slack thread context could include messages from non-allowlisted senders
Low | GHSA-7hrg-5w46-5r2x was published for openclaw (npm) Apr 24, 2026 • withdrawn
Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim
Low | CVE-2026-37977 was published for org.keycloak:keycloak-services (Maven) Apr 6, 2026
OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode
Low | CVE-2026-41347 was published for openclaw (npm) Apr 3, 2026
OpenClaw: Matrix thread root and reply context bypass sender allowlist
Low | CVE-2026-41376 was published for openclaw (npm) Apr 2, 2026
Dark Reader gives users the ability to request style sheets from local web servers
Low | CVE-2025-68467 was published for darkreader (npm) Mar 4, 2026
Proctorio Chrome Extension is a browser extension used for online proctoring. The extension...
Low | Unreviewed | CVE-2026-2345 was published Feb 11, 2026
A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as...
Low | Unreviewed | CVE-2025-4839 was published May 18, 2025
A vulnerability, which was classified as problematic, has been found in Freeebird Hotel 酒店管理系统...
Low | Unreviewed | CVE-2025-4542 was published May 11, 2025
A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0....
Low | Unreviewed | CVE-2025-1083 was published Feb 7, 2025
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining...
Low | Unreviewed | CVE-2024-57965 was published Jan 29, 2025
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows...
Low | Unreviewed | CVE-2024-5905 was published Jun 12, 2024
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Low | CVE-2022-31151 was published for undici (npm) Jul 21, 2022
ProTip! Advisories are also available from the GraphQL API.