GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
97 advisories
Duplicate Advisory: OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication
Moderate • GHSA-9gvx-vj57-vqqx was published for openclaw (npm) Apr 10, 2026 • withdrawn

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction...
Moderate • Unreviewed • CVE-2026-35642 was published Apr 10, 2026

Sulu checks fix permissions for subentities endpoints
Moderate • CVE-2026-34372 was published for sulu/sulu (Composer) Mar 30, 2026

OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State
Moderate • CVE-2026-35661 was published for openclaw (npm) Mar 29, 2026

OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback
Moderate • CVE-2026-35654 was published for openclaw (npm) Mar 29, 2026

OpenClaw: Feishu Raw Card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing
Moderate • CVE-2026-35664 was published for openclaw (npm) Mar 29, 2026

OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events
Moderate • GHSA-mw7w-g3mg-xqm7 was published for openclaw (npm) Mar 27, 2026

OpenClaw: Matrix Verification Notices Bypass Matrix DM Policy and Reply to Unpaired DM Peers
Moderate • CVE-2026-35647 was published for openclaw (npm) Mar 27, 2026

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect /...
Moderate • Unreviewed • CVE-2026-3531 was published Mar 26, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18...
Moderate • Unreviewed • CVE-2026-2745 was published Mar 25, 2026

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows...
Moderate • Unreviewed • CVE-2026-3214 was published Mar 25, 2026

Vikunja has a 2FA Bypass via Caldav Basic Auth
Moderate • CVE-2026-33315 was published for code.vikunja.io/api (Go) Mar 20, 2026

OpenClaw: /api/channels gateway-auth boundary bypass via path canonicalization mismatch
Moderate • CVE-2026-32031 was published for openclaw (npm) Mar 12, 2026

Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote...
Moderate • Unreviewed • CVE-2026-3930 was published Mar 12, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18...
Moderate • Unreviewed • CVE-2026-0602 was published Mar 11, 2026

EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass...
Moderate • Unreviewed • CVE-2026-30777 was published Mar 5, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8...
Moderate • Unreviewed • CVE-2026-1747 was published Feb 25, 2026

Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-Themes Booked...
Moderate • Unreviewed • CVE-2026-22341 was published Feb 20, 2026

Authentication Bypass Using an Alternate Path or Channel vulnerability in ahachat AhaChat...
Moderate • Unreviewed • CVE-2025-68895 was published Feb 20, 2026

A vulnerability in the management API of the affected product could allow an unauthenticated...
Moderate • Unreviewed • CVE-2026-23596 was published Feb 17, 2026

BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to...
Moderate • Unreviewed • CVE-2020-37156 was published Feb 11, 2026

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra...
Moderate • Unreviewed • CVE-2026-0948 was published Feb 4, 2026

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5...
Moderate • Unreviewed • CVE-2025-13980 was published Jan 28, 2026

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS...
Moderate • Unreviewed • CVE-2025-46286 was published Jan 10, 2026

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists...
Moderate • Unreviewed • CVE-2025-67282 was published Jan 9, 2026