GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
34 advisories
OpenClaw: Chrome --no-sandbox disabled OS-level browser sandbox in sandbox browser container
Moderate | CVE-2026-32046 was published for openclaw (npm) | Mar 3, 2026

OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions
Moderate | CVE-2026-27646 was published for openclaw (npm) | Mar 9, 2026

A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution
Moderate | CVE-2026-33622 was published for github.com/pinchtab/pinchtab (Go) | Mar 24, 2026

OpenClaw has a sandbox network isolation bypass via docker.network=container:<id>
Moderate | CVE-2026-32038 was published for openclaw (npm) | Mar 2, 2026

@grackle-ai/server has Missing Content-Security-Policy and X-Frame-Options Headers
Moderate | GHSA-3mjm-x6gw-2x42 was published for @grackle-ai/server (npm) | Mar 25, 2026

Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)
Moderate | CVE-2026-32947 was published for step-security/harden-runner (GitHub Actions) | Mar 17, 2026

Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier)
Moderate | CVE-2026-32946 was published for step-security/harden-runner (GitHub Actions) | Mar 17, 2026

kora-lib: Unrecognized Instruction Types Create Empty Stubs That Bypass Fee Payer Policy
Moderate | GHSA-x442-m7cc-hr92 was published for kora-lib (Rust) | Mar 12, 2026

Parse Server has denylist `requestKeywordDenylist` keyword scan bypass through nested object placement
Moderate | CVE-2026-30938 was published for parse-server (npm) | Mar 10, 2026

n8n has a Guardrail Node Bypass
Moderate | GHSA-fvfv-ppw4-7h2w was published for n8n (npm) | Feb 26, 2026

uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries
Moderate | CVE-2026-26994 was published for github.com/refraction-networking/utls (Go) | Apr 23, 2025

TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery (SSRF)
Moderate | GHSA-gpx9-96j6-pp87 was published for agentos-taskweaver (pip) | Jan 28, 2026

HTTP/HTTPS Traffic Interception Bypass in mad-proxy
Moderate | CVE-2025-67485 was published for mad-proxy (pip) | Dec 9, 2025

Jinja has a sandbox breakout through indirect reference to format method
Moderate | CVE-2024-56326 was published for jinja2 (pip) | Dec 23, 2024

Jenkins WildFly Deployer Plugin vulnerable to path traversal
Moderate | CVE-2022-41235 was published for org.jenkins-ci.plugins:wildfly-deployer (Maven) | Sep 22, 2022

Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin
Moderate | CVE-2022-43423 was published for com.compuware.jenkins:compuware-scm-downloader (Maven) | Oct 19, 2022

Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure
Moderate | CVE-2022-43414 was published for org.jenkins-ci.plugins:nunit (Maven) | Oct 19, 2022

events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
Moderate | CVE-2024-38874 was published for jweiland/events2 (Composer) | Jun 21, 2024

Denial of Service in Keycloak Server via Security Headers
Moderate | CVE-2024-11734 was published for org.keycloak:keycloak-quarkus-server (Maven) | Jan 13, 2025

Twig has a possible sandbox bypass
Moderate | CVE-2024-45411 was published for twig/twig (Composer) | Sep 9, 2024

@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection
Moderate | CVE-2024-46976 was published for @backstage/plugin-techdocs-backend (npm) | Sep 17, 2024

Mattermost allows remote/synthetic users to create sessions, reset passwords
Moderate | CVE-2024-39836 was published for github.com/mattermost/mattermost/server/v8 (Go) | Aug 22, 2024

ejs lacks certain pollution protection
Moderate | CVE-2024-33883 was published for ejs (npm) | Apr 28, 2024

ProTip! Advisories are also available from the GraphQL API