Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,630
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,850
Pub
13
RubyGems
1,045
Rust
1,301
Swift
53
Unreviewed advisories
All unreviewed
5,000+

9 advisories

Loading
OpenClaw: Isolated cron awareness events were recorded as trusted system events Low
GHSA-57r2-h2wj-g887 was published for openclaw (npm) Apr 25, 2026
zsxsoft Credited to zsxsoft, KeenSecurityLab, and qclawer KeenSecurityLab KeenSecurityLab
qclawer qclawer
OpenClaw: Microsoft Teams SSO invoke handler missed sender authorization checks Low
GHSA-gc9r-867r-j85f was published for openclaw (npm) Apr 17, 2026
zsxsoft Credited to zsxsoft, KeenSecurityLab, and qclawer KeenSecurityLab KeenSecurityLab
qclawer qclawer
OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay Low
GHSA-r77c-2cmr-7p47 was published for openclaw (npm) Apr 17, 2026
zsxsoft Credited to zsxsoft, KeenSecurityLab, and qclawer KeenSecurityLab KeenSecurityLab
qclawer qclawer
OpenClaw: Gateway plugin HTTP `auth: gateway` widens identity-bearing `operator.read` requests into runtime `operator.write` Low
CVE-2026-42429 was published for openclaw (npm) Apr 9, 2026
smaeljaish771 Credited to smaeljaish771 and KeenSecurityLab KeenSecurityLab KeenSecurityLab
OpenClaw: Zalo replay dedupe cache could suppress events across authenticated webhook targets Low
GHSA-fqrj-m88p-qf3v was published for openclaw (npm) Apr 7, 2026
nexrin Credited to nexrin, KeenSecurityLab, and qclawer KeenSecurityLab KeenSecurityLab
qclawer qclawer
OpenClaw: Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config Low
CVE-2026-41388 was published for openclaw (npm) Apr 3, 2026
smaeljaish771 Credited to smaeljaish771 and KeenSecurityLab KeenSecurityLab KeenSecurityLab
OpenClaw: Gateway `device.token.rotate` does not terminate active WebSocket sessions after credential rotation Low
GHSA-rfqg-qgf8-xr9x was published for openclaw (npm) Apr 3, 2026
zsxsoft Credited to zsxsoft and KeenSecurityLab KeenSecurityLab KeenSecurityLab
OpenClaw: Zalo webhook replay cache cross-target messageId scope bypass Low
CVE-2026-41402 was published for openclaw (npm) Apr 2, 2026
smaeljaish771 Credited to smaeljaish771 and KeenSecurityLab KeenSecurityLab KeenSecurityLab
OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection Low
GHSA-89r3-6x4j-v7wf was published for openclaw (npm) Apr 2, 2026
zsxsoft Credited to zsxsoft and KeenSecurityLab KeenSecurityLab KeenSecurityLab
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database