GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 5,000+; Erlang 55; GitHub Actions 50; Go 3,723; Maven 5,000+; npm 5,000+; NuGet 935; pip 4,947; Pub 13; RubyGems 1,055; Rust 1,338; Swift 54.

Unreviewed advisories: All unreviewed 5,000+.
1,049 advisories
| Advisory | Severity | Status | ID | Package (ecosystem) | Published |
|---|---|---|---|---|---|
| External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore | Low | | CVE-2026-42875 | github.com/external-secrets/external-secrets (Go) | May 5, 2026 |
| OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in... | Low | Unreviewed | CVE-2026-41362 | | Apr 28, 2026 |
| OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq... | High | Unreviewed | CVE-2026-41368 | | Apr 28, 2026 |
| Duplicate Advisory: OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables | High | withdrawn | GHSA-5mh4-3rv3-fpcf | openclaw (npm) | Apr 28, 2026 |
| Apache Airflow Exposes Secrets in Variables Saved as JSON Dictionaries | Low | | CVE-2026-32690 | apache-airflow-core (pip) | Apr 18, 2026 |
| Apache Airflow exposes SQL stack trace despite "api/expose_stack_traces" set to false | Moderate | | CVE-2026-30912 | apache-airflow-core (pip) | Apr 18, 2026 |
| Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could... | High | Unreviewed | CVE-2025-54502 | | Apr 16, 2026 |
| Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution... | High | Unreviewed | CVE-2026-39911 | | Apr 9, 2026 |
| OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration | Moderate | | CVE-2026-42424 | openclaw (npm) | Apr 9, 2026 |
| Apache Airflow has an authorization bypass in DagRun wait endpoint | Moderate | | CVE-2026-34538 | apache-airflow (pip) | Apr 9, 2026 |
| PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling | Moderate | | GHSA-766v-q9x3-g744 | praisonaiagents (pip) | Apr 8, 2026 |
| Electron: Named window.open targets not scoped to the opener's browsing context | Moderate | | CVE-2026-34765 | electron (npm) | Apr 7, 2026 |
| SandboxJS: Sandbox Escape via Prop Object Leak in New Handler | Moderate | | CVE-2026-34217 | @nyariv/sandboxjs (npm) | Apr 3, 2026 |
| OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables | High | | CVE-2026-41369 | openclaw (npm) | Apr 3, 2026 |
| Electron: Context Isolation bypass via contextBridge VideoFrame transfer | High | | CVE-2026-34780 | electron (npm) | Apr 3, 2026 |
| A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an... | Critical | Unreviewed | CVE-2026-20160 | | Apr 1, 2026 |
| OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC... | High | Unreviewed | CVE-2026-33573 | | Mar 29, 2026 |
| OpenClaw: Image Tool `tools.fs.workspaceOnly` Bypass via Sandbox Bridge Mounts | Moderate | | CVE-2026-35658 | openclaw (npm) | Mar 26, 2026 |
| Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications | High | | CVE-2026-28779 | apache-airflow (pip) | Mar 17, 2026 |
| OpenClaw: Gateway `agent` calls could override the workspace boundary | High | | GHSA-2rqg-gjgv-84jm | openclaw (npm) | Mar 13, 2026 |
| Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference... | Moderate | Unreviewed | CVE-2025-22444 | | Mar 11, 2026 |
| AVideo: Unauthenticated PHP session store exposed to host network via published memcached port | High | | CVE-2026-29093 | wwbn/avideo (Composer) | Mar 5, 2026 |
| The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly... | Moderate | Unreviewed | CVE-2026-2297 | | Mar 5, 2026 |
| OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations | High | | GHSA-3jx4-q2m7-r496 | openclaw (npm) | Mar 4, 2026 |
| Dark Reader gives users the ability to request style sheets from local web servers | Low | | CVE-2025-68467 | darkreader (npm) | Mar 4, 2026 |
Advisories are also available from the GraphQL API.