GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
5 advisories
DOMPurify ADD_ATTR predicate skips URI validation
Moderate
GHSA-cjmm-f4jc-qw8r
was published
for
dompurify
(npm)
Apr 3, 2026
OpenClaw's incomplete host env sanitization blocklist allows supply-chain redirection via package-manager env overrides
Critical
GHSA-j7p2-qcwm-94v4
was published
for
openclaw
(npm)
Mar 31, 2026
Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)
High
CVE-2026-33979
was published
for
express-xss-sanitizer
(npm)
Mar 27, 2026
Astro: Remote allowlist bypass via unanchored matchPathname wildcard
Low
CVE-2026-33769
was published
for
astro
(npm)
Mar 26, 2026
n8n: Webhook Node IP Whitelist Bypass via Partial String Matching
Moderate
CVE-2025-68949
was published
for
n8n
(npm)
Jan 13, 2026
ProTip!
Advisories are also available from the
GraphQL API