Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,585
Maven
5,000+
npm
5,000+
NuGet
923
pip
4,817
Pub
13
RubyGems
1,043
Rust
1,251
Swift
53
Unreviewed advisories
All unreviewed
5,000+

9 advisories

Loading
OpenClaw: Image Tool `tools.fs.workspaceOnly` Bypass via Sandbox Bridge Mounts Moderate
CVE-2026-35658 was published for openclaw (npm) Mar 26, 2026
YLChen-007 Credited to YLChen-007
OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration Moderate
GHSA-qqq7-4hxc-x63c was published for openclaw (npm) Apr 9, 2026
threalwinky Credited to threalwinky
Electron: Named window.open targets not scoped to the opener's browsing context Moderate
CVE-2026-34765 was published for electron (npm) Apr 7, 2026
HO-9 Credited to HO-9 and HanJeouk HanJeouk HanJeouk
SandboxJS: Sandbox Escape via Prop Object Leak in New Handler Moderate
CVE-2026-34217 was published for @nyariv/sandboxjs (npm) Apr 3, 2026
chawdamrunal Credited to chawdamrunal
Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter) Moderate
CVE-2026-24473 was published for hono (npm) Jan 27, 2026
kilkat Credited to kilkat and JungJoonWoo JungJoonWoo JungJoonWoo
IPC messages delivered to the wrong frame in Electron Moderate
CVE-2020-26272 was published for electron (npm) Jan 28, 2021
nornagon Credited to nornagon and decsecre583 decsecre583 decsecre583
Pomelo allows external control of critical state data Moderate
CVE-2019-18954 was published for pomelo (npm) Dec 2, 2019
Exposure of Resource to Wrong Sphere in valib Moderate
CVE-2019-10805 was published for valib (npm) Apr 13, 2021
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API Moderate
CVE-2021-39184 was published for electron (npm) Oct 12, 2021
nornagon Credited to nornagon
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database