Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
57
GitHub Actions
50
Go
3,767
Maven
5,000+
npm
5,000+
NuGet
937
pip
4,999
Pub
13
RubyGems
1,058
Rust
1,347
Swift
54
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
OpenClaw: Workspace dotenv files cannot override connector endpoint hosts Moderate
GHSA-55cf-xx38-4p9p was published for openclaw (npm) May 4, 2026
qi-scape Credited to qi-scape
OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config Moderate
GHSA-mj59-h3q9-ghfh was published for openclaw (npm) Apr 25, 2026
garagon Credited to garagon
OpenClaw: Incomplete host-env-security-policy allows untrusted model to substitute compiler binaries via env overrides High
CVE-2026-41373 was published for openclaw (npm) Apr 3, 2026
tdjackey Credited to tdjackey
OpenClaw's hook transform module path allows traversal and arbitrary JavaScript module loading High
CVE-2026-28393 was published for openclaw (npm) Mar 3, 2026
akhmittra Credited to akhmittra
OpenClaw affected by potential code execution via unsafe hook module path handling in Gateway High
CVE-2026-28456 was published for openclaw (npm) Feb 18, 2026
222n5 Credited to 222n5
OpenClaw: Command hijacking via unsafe PATH handling (bootstrapping + node-host PATH overrides) High
CVE-2026-29610 was published for openclaw (npm) Feb 18, 2026
akhmittra Credited to akhmittra
Mattermost Desktop App Uncontrolled Search Path Vulnerability Moderate
CVE-2024-39613 was published for mattermost-desktop (npm) Sep 16, 2024
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only) High
CVE-2024-27303 was published for app-builder-lib (npm) Mar 4, 2024
bruno-1337 Credited to bruno-1337
Duplicate Advisory: Kerberos for NodeJS allows DLL Injection High
GHSA-f478-xwv9-p93q was published for kerberos (npm) May 24, 2022 withdrawn
DLL Injection in kerberos High
CVE-2020-13110 was published for kerberos (npm) Sep 4, 2020
jhutchings1 Credited to jhutchings1
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database