GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
463 advisories
Duplicate Advisory: OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication
Moderate • GHSA-9gvx-vj57-vqqx was published for openclaw (npm) • Apr 10, 2026 • withdrawn

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction...
Moderate • Unreviewed • CVE-2026-35642 was published • Apr 10, 2026

OpenClaw: Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement
High • GHSA-5wj5-87vq-39xm was published for openclaw (npm) • Apr 9, 2026

megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition...
Critical • Unreviewed • CVE-2026-31271 was published • Apr 7, 2026

In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during...
Critical • Unreviewed • CVE-2026-30079 was published • Apr 7, 2026

An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login...
Critical • Unreviewed • CVE-2026-31151 was published • Apr 6, 2026

Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity
Critical • CVE-2026-33950 was published for signalk-server (npm) • Apr 3, 2026

Better Auth Has Two-Factor Authentication Bypass via Premature Session Caching (session.cookieCache)
Critical • GHSA-xg6x-h9c9-2m83 was published for better-auth (npm) • Apr 3, 2026

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia...
High • Unreviewed • CVE-2024-44286 was published • Apr 2, 2026

SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA...
High • Unreviewed • CVE-2026-29139 was published • Apr 2, 2026

goshs has Auth Bypass via Share Token
High • CVE-2026-34581 was published for github.com/patrickhener/goshs (Go) • Apr 1, 2026

Sulu checks fix permissions for subentities endpoints
Moderate • CVE-2026-34372 was published for sulu/sulu (Composer) • Mar 30, 2026

OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State
Moderate • CVE-2026-35661 was published for openclaw (npm) • Mar 29, 2026

OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback
Moderate • CVE-2026-35654 was published for openclaw (npm) • Mar 29, 2026

OpenClaw: Feishu Raw Card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing
Moderate • CVE-2026-35664 was published for openclaw (npm) • Mar 29, 2026

mpp has multiple payment bypass and griefing vulnerabilities
Critical • GHSA-fxc9-7j2w-vx54 was published for mpp (Rust) • Mar 29, 2026

mppx has multiple payment bypass and griefing vulnerabilities
Critical • GHSA-8x4m-qw58-3pcx was published for mppx (npm) • Mar 29, 2026

OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events
Moderate • GHSA-mw7w-g3mg-xqm7 was published for openclaw (npm) • Mar 27, 2026

OpenClaw: Matrix Verification Notices Bypass Matrix DM Policy and Reply to Unpaired DM Peers
Moderate • CVE-2026-35647 was published for openclaw (npm) • Mar 27, 2026

Moby has AuthZ plugin bypass when provided oversized request bodies
High • CVE-2026-34040 was published for github.com/docker/docker (Go) • Mar 27, 2026

Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker...
High • Unreviewed • CVE-2026-32678 was published • Mar 27, 2026

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect /...
Moderate • Unreviewed • CVE-2026-3531 was published • Mar 26, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18...
Moderate • Unreviewed • CVE-2026-2745 was published • Mar 25, 2026

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro...
High • Unreviewed • CVE-2026-25406 was published • Mar 25, 2026

Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core...
Critical • Unreviewed • CVE-2026-27049 was published • Mar 25, 2026
ProTip! Advisories are also available from the GraphQL API