GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
6 advisories
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion
Moderate
CVE-2024-53866
was published
for
pnpm
(npm)
Dec 10, 2024
pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)
Moderate
CVE-2026-23888
was published
for
pnpm
(npm)
Jan 26, 2026
OpenClaw's tools.exec.safeBins trusted PATH directories allowed binary shadowing in allowlist mode
Moderate
GHSA-qhrr-grqp-6x2g
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw's shell env fallback trusts unvalidated SHELL path from host environment
Moderate
GHSA-f8mp-vj46-cq8v
was published
for
openclaw
(npm)
Mar 3, 2026
ProTip!
Advisories are also available from the
GraphQL API