GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 40
Go: 2,980
Maven: 5,000+
npm: 4,634
NuGet: 788
pip: 4,321
Pub: 12
RubyGems: 986
Rust: 1,131
Swift: 49
Unreviewed advisories
All unreviewed: 5,000+
118,888 advisories
OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass
High | CVE-2026-25474 was published for openclaw (npm) Feb 17, 2026
Gogs has a Protected Branch Deletion Bypass in Web Interface
High | CVE-2026-25232 was published for gogs.io/gogs (Go) Feb 17, 2026
A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04....
High | Unreviewed | CVE-2025-70956 was published Feb 14, 2026
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated...
High | Unreviewed | CVE-2026-23689 was published Feb 10, 2026
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials,...
High | Unreviewed | CVE-2026-2103 was published Feb 6, 2026
LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low...
High | Unreviewed | CVE-2025-70866 was published Feb 14, 2026
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1...
High | Unreviewed | CVE-2025-36247 was published Feb 17, 2026
Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system...
High | Unreviewed | CVE-2026-23648 was published Feb 17, 2026
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the...
High | Unreviewed | CVE-2025-70397 was published Feb 17, 2026
An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter...
High | Unreviewed | CVE-2025-70828 was published Feb 17, 2026
An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client...
High | Unreviewed | CVE-2024-23459 was published May 2, 2024
Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default
High | CVE-2025-66416 was published for mcp (pip) Dec 2, 2025
Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default
High | CVE-2025-66414 was published for @modelcontextprotocol/sdk (npm) Dec 2, 2025
Pterodactyl Panel's SFTP sessions remain active after user account deletion or password change
High | GHSA-hr7j-63v7-vj7g was published for github.com/pterodactyl/wings (Composer) Feb 17, 2026
OpenClaw affected by SSRF in Image Tool Remote Fetch
High | GHSA-56f2-hvwg-5743 was published for openclaw (npm) Feb 17, 2026
Rack has a Directory Traversal via Rack:Directory
High | CVE-2026-22860 was published for rack (RubyGems) Feb 17, 2026
OpenClaw has an exec allowlist bypass via command substitution/backticks inside double quotes
High | GHSA-3hcm-ggvf-rch5 was published for openclaw (npm) Feb 17, 2026
OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access
High | GHSA-mr32-vwc2-5j6h was published for moltbot (npm) Feb 17, 2026
OpenClaw's Windows cmd.exe parsing may bypass exec allowlist/approval gating
High | GHSA-qj77-c3c8-9c3q was published for openclaw (npm) Feb 17, 2026
OpenClaw has an arbitrary transcript path file write via gateway sessionFile
High | GHSA-64qx-vpxx-mvqf was published for openclaw (npm) Feb 17, 2026
OpenClaw Hook Session Key Override Enables Targeted Cross-Session Routing
High | GHSA-hv93-r4j3-q65f was published for openclaw (npm) Feb 17, 2026
Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in...
High | Unreviewed | CVE-2026-2474 was published Feb 16, 2026
The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks,...
High | Unreviewed | CVE-2026-0929 was published Feb 16, 2026
A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON...
High | Unreviewed | CVE-2025-70954 was published Feb 14, 2026
An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to...
High | Unreviewed | CVE-2025-65716 was published Feb 16, 2026
ProTip! Advisories are also available from the GraphQL API.