GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,062 advisories
OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple...
Moderate (Unreviewed): CVE-2026-35629 was published Apr 10, 2026

OpenClaw: Strict browser SSRF bypass in Playwright redirect handling leaves private targets reachable
Moderate: GHSA-w8g9-x8gx-crmm was published for openclaw (npm) Apr 9, 2026

OpenClaw has Browser SSRF Policy Bypass via Interaction-Triggered Navigation
Moderate: GHSA-vr5g-mmx7-h897 was published for openclaw (npm) Apr 9, 2026

OpenClaw QQ Bot Extension missing SSRF Protection on All Media Fetch Paths
Moderate: GHSA-3fv3-6p2v-gxwj was published for openclaw (npm) Apr 9, 2026

A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function...
Moderate (Unreviewed): CVE-2026-5832 was published Apr 9, 2026

A security flaw has been discovered in bigsk1 openai-realtime-ui up to...
Moderate (Unreviewed): CVE-2026-5803 was published Apr 8, 2026

Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure....
Moderate (Unreviewed): CVE-2026-33458 was published Apr 8, 2026

A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization...
Moderate (Unreviewed): CVE-2026-32591 was published Apr 8, 2026

A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by...
Moderate (Unreviewed): CVE-2026-2377 was published Apr 8, 2026

Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link...
Moderate (Unreviewed): CVE-2026-39670 was published Apr 8, 2026

WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal services
Moderate: CVE-2026-39368 was published for WWBN/AVideo (Composer) Apr 8, 2026

OpenClaw: Marketplace Plugin Download Follows Redirects Without SSRF Protection
Moderate: GHSA-vjx8-8p7h-82gr was published for openclaw (npm) Apr 7, 2026

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the...
Moderate (Unreviewed): CVE-2025-15611 was published Apr 7, 2026

A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown...
Moderate (Unreviewed): CVE-2026-5633 was published Apr 6, 2026

A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of...
Moderate (Unreviewed): CVE-2026-5618 was published Apr 6, 2026

A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown...
Moderate (Unreviewed): CVE-2026-5623 was published Apr 6, 2026

A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This...
Moderate (Unreviewed): CVE-2026-5607 was published Apr 6, 2026

A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the...
Moderate (Unreviewed): CVE-2026-5538 was published Apr 5, 2026

A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the...
Moderate (Unreviewed): CVE-2026-5530 was published Apr 5, 2026

web3.py: SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling
Moderate: GHSA-5hr4-253g-cpx2 was published for web3 (pip) Apr 4, 2026

vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url`
Moderate: CVE-2026-34753 was published for vllm (pip) Apr 3, 2026

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability...
Moderate (Unreviewed): CVE-2026-22662 was published Apr 3, 2026

A security vulnerability has been detected in mixelpixx Google-Research-MCP...
Moderate (Unreviewed): CVE-2026-5470 was published Apr 3, 2026

Microsoft Bing Elevation of Privilege Vulnerability
Moderate (Unreviewed): CVE-2026-32186 was published Apr 3, 2026

A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the...
Moderate (Unreviewed): CVE-2026-5469 was published Apr 3, 2026