Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,585
Maven
5,000+
npm
5,000+
NuGet
923
pip
4,817
Pub
13
RubyGems
1,043
Rust
1,251
Swift
53
Unreviewed advisories
All unreviewed
5,000+

8 advisories

Loading
OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets Moderate
GHSA-f7fh-qg34-x2xh was published for openclaw (npm) Apr 17, 2026
nicky-cc Credited to nicky-cc
OpenClaw: Browser tabs action select and close routes bypassed SSRF policy Moderate
GHSA-rj2p-j66c-mgqh was published for openclaw (npm) Apr 17, 2026
nicky-cc Credited to nicky-cc
OpenClaw `node.pair.approve` placed in `operator.write` scope instead of `operator.pairing` allows unprivileged pairing approval Moderate
GHSA-67mf-f936-ppxf was published for openclaw (npm) Apr 9, 2026
nicky-cc Credited to nicky-cc
OpenClaw `node.invoke(browser.proxy)` bypasses `browser.request` persistent profile-mutation guard Moderate
GHSA-cmfr-9m2r-xwhq was published for openclaw (npm) Apr 9, 2026
nicky-cc Credited to nicky-cc
OpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing Moderate
GHSA-whf9-3hcx-gq54 was published for openclaw (npm) Apr 9, 2026
nicky-cc Credited to nicky-cc
OpenClaw SSRF guard misses four IPv6 special-use ranges Low
GHSA-g86v-f9qv-rh6m was published for openclaw (npm) Mar 31, 2026
nicky-cc Credited to nicky-cc
OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override Moderate
GHSA-m866-6qv5-p2fg was published for openclaw (npm) Mar 31, 2026
nicky-cc Credited to nicky-cc
OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure High
GHSA-jccr-rrw2-vc8h was published for openclaw (npm) Mar 31, 2026
nicky-cc Credited to nicky-cc
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database