
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Signal K Server: Unauthenticated Source Priorities Manipulation Moderate
CVE-2026-33951 was published for signalk-server (npm) Apr 3, 2026
Credited to VashuVats
@grackle-ai/powerline Runs Without Authentication by Default Moderate
GHSA-xq7h-vwjp-5vrh was published for @grackle-ai/powerline (npm) Mar 25, 2026
Duplicate Advisory: OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback) Moderate
GHSA-vh4c-j2xv-9pv9 was published for openclaw (npm) Mar 21, 2026 withdrawn
Parse Server's GraphQL WebSocket endpoint bypasses security middleware Moderate
CVE-2026-32594 was published for parse-server (npm) Mar 13, 2026
Credited to fancymalware and mtrezza
OpenClaw Loopback CDP probe can leak Gateway token to local listener Moderate
CVE-2026-22174 was published for openclaw (npm) Mar 3, 2026
Credited to tdjackey
OpenClaw has auth inconsistency on local Browser Extension Relay /extension endpoint Moderate
GHSA-pfv7-rr5m-qmv6 was published for openclaw (npm) Mar 3, 2026
Credited to tdjackey
OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback) Moderate
CVE-2026-32896 was published for openclaw (npm) Mar 3, 2026
Credited to zpbrent
OpenClaw Twilio voice-call webhook auth bypass when ngrok loopback compatibility is enabled Moderate
CVE-2026-29606 was published for openclaw (npm) Feb 18, 2026
Credited to p80n-sec
OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering Moderate
CVE-2026-28450 was published for openclaw (npm) Feb 17, 2026
Credited to simecek and stanislavfortaisle
Automatic room upgrade handling can be used maliciously to bridge a room non-consensually Moderate
CVE-2021-32659 was published for matrix-appservice-bridge (npm) Jun 21, 2021