GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28,576 advisories

Django has a Race Condition vulnerability Low
CVE-2026-25674 was published for Django (pip) Mar 3, 2026
Rancher cloud credentials can be used through proxy API by users without access Critical
CVE-2021-25320 was published for github.com/rancher/rancher (Go) Mar 3, 2026
Rancher's restricted PodSecurityPolicy does not prevent containers from running as a privileged user High
GHSA-hwm2-4ph6-w6m5 was published for github.com/rancher/rancher (Go) Mar 3, 2026
Rancher's weave CNI password is not configured when a cluster is created from an RKE template Moderate
CVE-2022-21951 was published for github.com/rancher/rancher (Go) Mar 3, 2026
Rancher has downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB) Critical
CVE-2022-31247 was published for github.com/rancher/rancher (Go) Mar 3, 2026
Rancher doesn't properly sanitize credentials in cluster template answers Critical
CVE-2021-36783 was published for github.com/rancher/rancher (Go) Mar 3, 2026
Rancher's Azure AD permission changes are not reflected on active sessions High
CVE-2023-22648 was published for github.com/rancher/rancher (Go) Mar 3, 2026
Credited to yvespp
Apache Ranger has a Code Injection vulnerability Critical
CVE-2025-59059 was published for org.apache.ranger:ranger-plugins-common (Maven) Mar 3, 2026
Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch Moderate
CVE-2025-59060 was published for org.apache.ranger:ranger-nifi-registry-plugin (Maven) Mar 3, 2026
@tootallnate/once vulnerable to Incorrect Control Flow Scoping Low
CVE-2026-3449 was published for @tootallnate/once (npm) Mar 3, 2026
mailparser vulnerable to Cross-site Scripting Low
CVE-2026-3455 was published for mailparser (npm) Mar 3, 2026
OpenClaw: macOS optional allowlist basename matching could bypass path-based policy Moderate
CVE-2026-32016 was published for openclaw (npm) Mar 3, 2026
Credited to tdjackey
OpenClaw: Node reconnect metadata spoofing could bypass platform-based node command policy High
CVE-2026-32014 was published for openclaw (npm) Mar 3, 2026
Credited to 76embiid21
OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state Moderate
GHSA-6g25-pc82-vfwp was published for openclaw (npm) Mar 3, 2026
Credited to zdi-disclosures
OpenClaw has hook auth rate limiter bypass via IPv4-mapped IPv6 client key variants Moderate
GHSA-5847-rm3g-23mw was published for openclaw (npm) Mar 3, 2026
OpenClaw's avatar symlink traversal can expose out-of-workspace local files Moderate
CVE-2026-32024 was published for openclaw (npm) Mar 3, 2026
Credited to tdjackey
OpenClaw has a sandbox network isolation bypass via docker.network=container:<id> Moderate
CVE-2026-32038 was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw: Node system.run approval bypass via parent-symlink cwd rebind High
CVE-2026-27545 was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
Credited to GCXWLP
OpenClaw: system.run approval identity mismatch could execute a different binary than displayed Moderate
CVE-2026-32065 was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw: Gateway /tools/invoke tool escalation + ACP permission auto-approval High
GHSA-943q-mwmv-hhvh was published for openclaw (npm) Mar 2, 2026
Credited to aether-ai-agent
OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway Critical
CVE-2026-28466 was published for openclaw (npm) Mar 2, 2026
Credited to 222n5
Credited to markmusson
Credited to 1seal