GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
42 advisories
OpenClaw: SSH-based sandbox backends pass unsanitized process.env to child processes
Moderate
GHSA-j9pv-rrcj-6pfx
was published
for
openclaw
(npm)
Apr 2, 2026
OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status
Moderate
GHSA-ppwq-6v66-5m6j
was published
for
openclaw
(npm)
Mar 26, 2026
CBORDecoder reuse can leak shareable values across decode calls
Moderate
CVE-2025-68131
was published
for
cbor2
(pip)
Dec 31, 2025
Shopware exposes sensitive user information via CSV export mapping
Moderate
GHSA-27c9-vp3w-6ww8
was published
for
shopware/core
(Composer)
Oct 21, 2025
Contao can disclose sensitive information in the news module
Moderate
CVE-2025-57757
was published
for
contao/contao
(Composer)
Aug 28, 2025
SixLabors.ImageSharp vulnerable to data leakage
Moderate
CVE-2024-32036
was published
for
SixLabors.ImageSharp
(NuGet)
Apr 15, 2024
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
Moderate
CVE-2024-32028
was published
for
OpenTelemetry.Instrumentation.AspNetCore
(NuGet)
Apr 12, 2024
ProTip!
Advisories are also available from the
GraphQL API