GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
210 advisories
OpenClaw: Feishu webhook and card-action validation now fail closed
Critical
GHSA-xh72-v6v9-mwhc
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Browser SSRF policy default allowed private-network navigation
Moderate
GHSA-53vx-pmqw-863c
was published
for
openclaw
(npm)
Apr 17, 2026
paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass
Critical
GHSA-68qg-g8mg-6pr7
was published
for
@paperclipai/server
(npm)
Apr 10, 2026
Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist
Critical
CVE-2026-31818
was published
for
@budibase/backend-core
(npm)
Apr 3, 2026
DNS Rebinding Protection Disabled by Default in Model Context Protocol Go SDK for Servers Running on Localhost
High
CVE-2026-34742
was published
for
github.com/modelcontextprotocol/go-sdk
(Go)
Apr 1, 2026
@siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection
High
CVE-2026-31975
was published
for
@siteboon/claude-code-ui
(npm)
Mar 11, 2026
Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
Critical
CVE-2026-26190
was published
for
github.com/milvus-io/milvus
(Go)
Feb 11, 2026
FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
Critical
CVE-2026-25894
was published
for
fuxa-server
(npm)
Feb 5, 2026
terraform-provider-proxmox has insecure sudo recommendation in the documentation
High
CVE-2026-25499
was published
for
github.com/bpg/terraform-provider-proxmox
(Go)
Feb 2, 2026
ProTip!
Advisories are also available from the
GraphQL API