GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
943 advisories
SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking
High
CVE-2026-32716
was published
for
scitokens
(pip)
Mar 31, 2026
baserCMS has Mail Form Acceptance Bypass via Public API
Moderate
CVE-2026-30878
was published
for
baserproject/basercms
(Composer)
Mar 31, 2026
OpenClaw: Non-owner command-authorized sender can change the owner-only `/send` session delivery policy
Moderate
CVE-2026-35620
was published
for
openclaw
(npm)
Mar 30, 2026
OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State
Moderate
CVE-2026-35661
was published
for
openclaw
(npm)
Mar 29, 2026
OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision
Moderate
CVE-2026-35635
was published
for
openclaw
(npm)
Mar 26, 2026
OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions
Moderate
CVE-2026-35662
was published
for
openclaw
(npm)
Mar 26, 2026
OpenClaw: Tlon settings empty-allowlist reconciliation bypassed intended revocation
Low
CVE-2026-35649
was published
for
openclaw
(npm)
Mar 26, 2026
OpenClaw: Mattermost callback dispatch allowed non-allowlisted sender actions
Moderate
CVE-2026-35652
was published
for
openclaw
(npm)
Mar 26, 2026
Vikjuna: Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation
High
CVE-2026-33680
was published
for
code.vikunja.io/api
(Go)
Mar 25, 2026
Craft CMS has an authorization bypass which allows any control panel user to move entries without permissions
Moderate
CVE-2026-33162
was published
for
craftcms/cms
(Composer)
Mar 24, 2026
Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information
High
CVE-2026-32300
was published
for
opensource-workshop/connect-cms
(Composer)
Mar 23, 2026
ProTip!
Advisories are also available from the
GraphQL API