GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3 advisories

OpenClaw has Zip Slip path traversal in tar archive extraction (severity: High)
CVE-2026-28453 was published for openclaw (npm) Mar 2, 2026
Credited to xuemian168 and ShangzhiXu

New API has an SQL LIKE Wildcard Injection DoS via Token Search (severity: High)
CVE-2026-25591 was published for github.com/QuantumNous/new-api (Go) Feb 23, 2026
Credited to xuemian168, callmeiks, and Calcium-Ion

OpenClaw has a Web Fetch DoS via unbounded response parsing (severity: Moderate)
CVE-2026-28394 was published for openclaw (npm) Feb 19, 2026
Credited to xuemian168 and ShangzhiXu