GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
6,797 advisories
AVideo: Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php
Low
CVE-2026-35448
was published
for
wwbn/avideo
(Composer)
Apr 4, 2026
AVideo: Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php
Moderate
CVE-2026-35179
was published
for
wwbn/avideo
(Composer)
Apr 3, 2026
Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity
Critical
CVE-2026-33950
was published
for
signalk-server
(npm)
Apr 3, 2026
Ajenti has an authorization bypass during custom package installation
High
CVE-2026-35175
was published
for
ajenti-panel
(pip)
Apr 3, 2026
OpenClaw: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps
Low
GHSA-x2m8-53h4-6hch
was published
for
openclaw
(npm)
Apr 3, 2026
OpenClaw: Unauthenticated plugin-auth HTTP routes receive operator runtime scopes
Moderate
GHSA-mhgq-xpfq-6r66
was published
for
openclaw
(npm)
Apr 2, 2026
Dgraph: Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization
Critical
CVE-2026-34976
was published
for
github.com/dgraph-io/dgraph
(Go)
Apr 2, 2026
AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug
Moderate
CVE-2026-34737
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement
Moderate
GHSA-jp4j-q5fc-58gv
was published
for
openclaw
(npm)
Mar 31, 2026
OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials
High
GHSA-3cw3-5vxw-g2h3
was published
for
openclaw
(npm)
Mar 31, 2026
OpenClaw: Zalo channel downloads media before sender authorization
Moderate
CVE-2026-33576
was published
for
openclaw
(npm)
Mar 31, 2026
AVideo vulnerable to Mass User PII Disclosure via Missing Authorization in YPTWallet users.json.php
Moderate
CVE-2026-34395
was published
for
wwbn/avideo
(Composer)
Mar 31, 2026
ProTip!
Advisories are also available from the
GraphQL API