GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
59 advisories
1Panel – CAPTCHA Bypass via Client-Controlled Flag
High
CVE-2025-66507
was published
for
github.com/1Panel-dev/1Panel
(Go)
Dec 8, 2025
Cube Core is vulnerable to privilege escalation via a specially crafted request
High
CVE-2026-25958
was published
for
@cubejs-backend/server-core
(npm)
Feb 10, 2026
OpenClaw: Command hijacking via unsafe PATH handling (bootstrapping + node-host PATH overrides)
High
CVE-2026-29610
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions
Moderate
CVE-2026-32057
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw improperly parses X-Forwarded-For behind trusted proxies allows client IP spoofing in security decisions
Moderate
CVE-2026-32029
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw's Zalouser allowlist authorization matched mutable group names by default
Moderate
GHSA-f5mf-3r52-r83w
was published
for
openclaw
(npm)
Mar 13, 2026
Vikunja has a Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers
Moderate
CVE-2026-29794
was published
for
code.vikunja.io/api
(Go)
Mar 20, 2026
OpenClaw: Synology Chat reply delivery could be rebound through username-based user resolution.
Moderate
CVE-2026-35670
was published
for
openclaw
(npm)
Mar 26, 2026
OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens
Low
CVE-2026-35624
was published
for
openclaw
(npm)
Mar 26, 2026
OpenClaw's Conflicting Tool Identity Hints Bypass Dangerous-Tool Prompting
Moderate
CVE-2026-35655
was published
for
openclaw
(npm)
Mar 26, 2026
ProTip!
Advisories are also available from the
GraphQL API