GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,260
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,483
Swift
61
Unreviewed advisories
All unreviewed
5,000+
53 advisories
Filter by severity
OpenClaw: Native command authorization could skip owner-command enforcement
High
GHSA-p73f-w79w-jqr5
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: Telegram interactive callbacks could skip commands.allowFrom
High
GHSA-w5ww-7chg-mxcq
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: MCP loopback could skip owner-only tool policy for non-owner callers
Moderate
CVE-2026-53818
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: Feishu dynamic-agent bindings could miss configWrites enforcement
Low
GHSA-3wqp-prf6-2m72
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: Embedded runner policy could be confused by provider aliases
Moderate
CVE-2026-53809
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: QQBot pre-dispatch slash commands could skip allowFrom checks
Moderate
GHSA-77pv-3w4q-vrj5
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: Mattermost handlers could fall open when channel type was missing
Moderate
GHSA-gp79-m99v-gjmh
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: Skill Workshop apply flow could override pending approval
Moderate
GHSA-cqwv-9qjx-vxw2
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state
Moderate
CVE-2026-53854
was published
for
openclaw
(npm)
Jun 18, 2026
OpenClaw: Empty-scope device re-pairing could confuse caller scope containment
Low
CVE-2026-53852
was published
for
openclaw
(npm)
Jun 18, 2026
OpenClaw: Focus command could miss controlScope enforcement
Moderate
CVE-2026-53850
was published
for
openclaw
(npm)
Jun 18, 2026
OpenClaw: memory-wiki shared search could miss session visibility checks
Moderate
CVE-2026-53844
was published
for
openclaw
(npm)
Jun 18, 2026
OpenClaw: Skill-command dispatch could skip before-tool-call hooks
Low
CVE-2026-53845
was published
for
openclaw
(npm)
Jun 18, 2026
OpenClaw: Active Memory write scope could mutate global config
Moderate
CVE-2026-53847
was published
for
openclaw
(npm)
Jun 18, 2026
OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags
Moderate
CVE-2026-53861
was published
for
openclaw
(npm)
Jun 18, 2026
OpenClaw: Tool group policy callers could accept unvalidated group IDs
Moderate
CVE-2026-53863
was published
for
openclaw
(npm)
Jun 18, 2026
Mermaid: Improper sanitization of configuration leads to CSS injection
Moderate
CVE-2026-41159
was published
for
mermaid
(npm)
May 11, 2026
Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection
Moderate
CVE-2026-41149
was published
for
mermaid
(npm)
May 11, 2026
OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes
High
GHSA-cwj3-vqpp-pmxr
was published
for
openclaw
(npm)
May 5, 2026
OpenClaw's Gateway Control UI bootstrap config required Gateway auth
Moderate
GHSA-93rg-2xm5-2p9v
was published
for
openclaw
(npm)
May 4, 2026
OpenClaw's ACP child sessions inherit subagent security envelope constraints
Moderate
CVE-2026-44997
was published
for
openclaw
(npm)
May 4, 2026
OpenClaw: Webchat audio embedding could read local files without local-root containment
Moderate
GHSA-gfg9-5357-hv4c
was published
for
openclaw
(npm)
Apr 29, 2026
OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners
Moderate
CVE-2026-44991
was published
for
openclaw
(npm)
Apr 29, 2026
OpenClaw: Agent gateway config mutations could change protected operator settings
Moderate
GHSA-7jm2-g593-4qrc
was published
for
openclaw
(npm)
Apr 25, 2026
OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy
Moderate
GHSA-qrp5-gfw2-gxv4
was published
for
openclaw
(npm)
Apr 25, 2026
ProTip!
Advisories are also available from the
GraphQL API