
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

14 advisories

OpenClaw's `system.run` env override filtering allowed dangerous helper-command pivots (Moderate)
GHSA-j425-whc4-4jgc was published for openclaw (npm) Mar 9, 2026
Credited to tdjackey, SnailSploit, and zpbrent

zeptoclaw has Shell allowlist-blocklist bypass via command/argument injection and file name wildcards (Critical)
GHSA-5wp8-q9mx-8jx8 was published for zeptoclaw (Rust) Mar 5, 2026
Credited to zpbrent

zeptoclaw has Android device shell blocklist bypass via argument permutation (High)
GHSA-hhjv-jq77-cmvx was published for zeptoclaw (Rust) Mar 5, 2026
Credited to zpbrent

OpenClaw has SSRF guard bypass via IPv6 transition over ISATAP (Moderate)
GHSA-8cp7-rp8r-mg77 was published for openclaw (npm) Mar 4, 2026
Credited to zpbrent

OpenClaw has an IPv6 multicast SSRF classifier bypass (Moderate)
GHSA-h97f-6pqj-q452 was published for openclaw (npm) Mar 3, 2026
Credited to zpbrent

OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback) (Moderate)
GHSA-5mx2-2mgw-x8rm was published for openclaw/openclaw (npm) Mar 3, 2026
Credited to zpbrent

OpenClaw vulnerable to sensitive file disclosure via stageSandboxMedia (High)
GHSA-x9cf-3w63-rpq9 was published for openclaw (npm) Mar 3, 2026
Credited to zpbrent

OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes (Moderate)
GHSA-hff7-ccv5-52f8 was published for openclaw (npm) Mar 3, 2026
Credited to zpbrent

Picklescan (scan_pytorch) bypass via dynamic eval MAGIC_NUMBER (High)
GHSA-97f8-7cmv-76j2 was published for picklescan (pip) Feb 18, 2026
Credited to zpbrent

OpenClaw has two SSRFs via sendMediaFeishu and markdown image fetching in Feishu extension (High)
CVE-2026-28451 was published for openclaw (npm) Feb 18, 2026
Credited to zpbrent

OpenClaw has an LFI in BlueBubbles media path handling (High)
CVE-2026-29611 was published for openclaw (npm) Feb 18, 2026
Credited to zpbrent

OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension (High)
CVE-2026-26321 was published for openclaw (npm) Feb 17, 2026
Credited to zpbrent

NocoDB vulnerable to Stored Cross-Site Scripting in Formula.vue (High)
CVE-2023-49781 was published for nocodb (npm) May 13, 2024
Credited to zpbrent