GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,286 advisories
OpenClaw: Media download follows cross-origin redirects with Authorization headers intact
Moderate
GHSA-68v4-hmwv-f43h
was published
for
openclaw
(npm)
Apr 3, 2026
FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft
Critical
CVE-2026-34361
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.validation
(Maven)
Mar 30, 2026
OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status
Moderate
GHSA-ppwq-6v66-5m6j
was published
for
openclaw
(npm)
Mar 26, 2026
Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL
Moderate
CVE-2026-33182
was published
for
saloonphp/saloon
(Composer)
Mar 25, 2026
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
High
CVE-2026-32634
was published
for
Glances
(pip)
Mar 16, 2026
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
Critical
CVE-2026-32633
was published
for
Glances
(pip)
Mar 16, 2026
OpenClaw: fetch-guard forwards custom authorization headers across cross-origin redirects
High
CVE-2026-32913
was published
for
openclaw
(npm)
Mar 9, 2026
ProTip!
Advisories are also available from the
GraphQL API