GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

81 advisories

fickling's `platform` module subprocess invocation evades `check_safety()` with `LIKELY_SAFE`
  Severity: Moderate
  GHSA-5cxw-w2xg-2m8h was published for fickling (pip) on Mar 13, 2026
  Credited to mldangelo

fickling modules linecache, difflib and gc are missing from the unsafe modules blocklist
  Severity: Moderate
  GHSA-r48f-3986-4f9c was published for fickling (pip) on Mar 13, 2026
  Credited to fg0x0

OpenClaw: fetch-guard forwards custom authorization headers across cross-origin redirects
  Severity: High
  GHSA-6mgf-v5j7-45cr was published for openclaw (npm) on Mar 9, 2026
  Credited to Rickidevs

OpenClaw's system.run allowlist approval parsing missed PowerShell encoded-command wrappers
  Severity: Moderate
  GHSA-3h2q-j2v4-6w5r was published for openclaw (npm) on Mar 9, 2026
  Credited to tdjackey

SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality
  Severity: High
  GHSA-5r2p-pjr8-7fh7 was published for sagemaker (pip) on Mar 5, 2026
  Credited to daridor9

Fickling missing RCE-capable modules in UNSAFE_IMPORTS
  Severity: High
  GHSA-5hwf-rc88-82xm was published for fickling (pip) on Mar 4, 2026
  Credited to yash2998chhabria and tdjackey

OpenClaw exec allowlist safeBins short-option bypass could permit arbitrary file write
  Severity: Moderate
  GHSA-3x3x-h76w-hp98 was published for openclaw (npm) on Mar 3, 2026
  Credited to FailButWin, Redgrave961 and tdjackey

OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL
  Severity: High
  GHSA-p4wh-cr8m-gm6c was published for openclaw (npm) on Mar 3, 2026
  Credited to tdjackey

Craft CMS has Twig Function Blocklist Bypass
  Severity: Moderate
  CVE-2026-28783 was published for craftcms/cms (Composer) on Mar 3, 2026
  Credited to mHe4am

PickleScan has multiple stdlib modules with direct RCE not in blocklist
  Severity: Critical
  GHSA-g38g-8gr9-h9xp was published for picklescan (pip) on Mar 3, 2026
  Credited to yash2998chhabria

PickleScan's profile.run blocklist mismatch allows exec() bypass
  Severity: Critical
  GHSA-7wx9-6375-f5wh was published for picklescan (pip) on Mar 3, 2026
  Credited to yash2998chhabria

OpenClaw safeBins grep -e File Read Bypass (stdin-only policy bypass)
  Severity: Moderate
  GHSA-3xfw-4pmr-4xc5 was published for openclaw (npm) on Mar 3, 2026
  Credited to athuljayaram

OpenClaw has allowlist exec-guard bypass via env -S
  Severity: Moderate
  GHSA-48wf-g7cp-gr3m was published for openclaw (npm) on Mar 3, 2026
  Credited to tdjackey and jiseoung

OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains
  Severity: Low
  GHSA-5f9p-f3w2-fwch was published for openclaw (npm) on Mar 2, 2026
  Credited to tdjackey

OpenClaw is vulnerable to validation bypass through GNU long-option abbreviations in allowlist mode
  Severity: Critical
  CVE-2026-28363 was published for openclaw (npm) on Feb 27, 2026

Fickling has safety check bypass via REDUCE+BUILD opcode sequence
  Severity: Moderate
  GHSA-mhc9-48gj-9gp3 was published for fickling (pip) on Feb 25, 2026
  Credited to yash2998chhabria

Fickling has a detection bypass via stdlib network-protocol constructors
  Severity: Low
  GHSA-83pf-v6qq-pwmr was published for fickling (pip) on Feb 20, 2026
  Credited to NucleiAv

OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags
  Severity: Low
  GHSA-4685-c5cp-vp95 was published for openclaw (npm) on Feb 19, 2026
  Credited to nedlir

Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER
  Severity: High
  GHSA-97f8-7cmv-76j2 was published for picklescan (pip) on Feb 18, 2026
  Credited to zpbrent

FUXA Affected by a Path Traversal Sanitization Bypass
  Severity: High
  CVE-2026-25951 was published for fuxa-server (npm) on Feb 10, 2026
  Credited to h1dr1

Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
  Severity: High
  CVE-2026-22609 was published for fickling (pip) on Jan 9, 2026
  Credited to mldangelo