
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11 advisories

n8n has an SSO Enforcement Bypass in its Self-Service Settings API
Severity: Moderate
GHSA-vjf3-2gpj-233v was published for n8n (npm) Feb 26, 2026
Credited to stanislavfortaisle
OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning
Severity: High
CVE-2026-26327 was published for openclaw (npm) Feb 18, 2026
Credited to simecek and stanislavfortaisle
OpenClaw skills.status could leak secrets to operator.read clients
Severity: Moderate
CVE-2026-26326 was published for openclaw (npm) Feb 17, 2026
Credited to simecek and stanislavfortaisle
OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching)
Severity: Critical
GHSA-4rj2-gpmh-qq5x was published for openclaw (npm) Feb 17, 2026
Credited to simecek, stanislavfortaisle, and MegaManSec
OpenClaw has a potential access-group authorization bypass if channel type lookup fails
Severity: Critical
GHSA-fhvm-j76f-qmjv was published for openclaw (npm) Feb 17, 2026
Credited to simecek and stanislavfortaisle
OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering
Severity: Moderate
GHSA-mv9j-6xhh-g383 was published for openclaw (npm) Feb 17, 2026
Credited to simecek and stanislavfortaisle
OpenClaw affected by SSRF via attachment/media URL hydration
Severity: Moderate
GHSA-wfp2-v9c7-fh79 was published for openclaw (npm) Feb 17, 2026
Credited to simecek and stanislavfortaisle
OpenClaw has a webhook auth bypass when gateway is behind a reverse proxy (loopback remoteAddress trust)
Severity: Moderate
GHSA-xc7w-v5x6-cc87 was published for openclaw (npm) Feb 17, 2026
Credited to simecek and stanislavfortaisle
OpenClaw has an exec allowlist bypass via command substitution/backticks inside double quotes
Severity: High
GHSA-3hcm-ggvf-rch5 was published for openclaw (npm) Feb 17, 2026
Credited to simecek and stanislavfortaisle
OpenClaw's Windows cmd.exe parsing may bypass exec allowlist/approval gating
Severity: High
GHSA-qj77-c3c8-9c3q was published for openclaw (npm) Feb 17, 2026
Credited to simecek and stanislavfortaisle
OpenClaw's gateway connect could skip device identity checks when auth.token was present but not yet validated
Severity: Critical
GHSA-rv39-79c4-7459 was published for openclaw (npm) Feb 17, 2026
Credited to simecek and stanislavfortaisle