GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
203 advisories
OpenClaw: Feishu webhook and card-action validation now fail closed
Critical • GHSA-xh72-v6v9-mwhc was published for openclaw (npm) • Apr 17, 2026
Duplicate Advisory: OpenClaw: Plivo V2 verified replay identity drifts on query-only variants
High • GHSA-j56c-wpqm-h24x was published for openclaw (npm) • Apr 10, 2026 • withdrawn
OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection....
High • Unreviewed • CVE-2026-30080 was published • Apr 8, 2026
OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding
Low • GHSA-37v6-fxx8-xjmx was published for openclaw (npm) • Apr 3, 2026
OpenClaw: Zalo webhook replay cache cross-target messageId scope bypass
Low • GHSA-hhq4-97c2-p447 was published for openclaw (npm) • Apr 2, 2026
OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection
Low • GHSA-89r3-6x4j-v7wf was published for openclaw (npm) • Apr 2, 2026
OpenClaw: Voice-call Plivo V3 webhook replay key uses unsorted URL, allowing replay via query-parameter reordering
High • GHSA-8689-gm9g-jgr6 was published for openclaw (npm) • Mar 31, 2026
OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing...
Critical • Unreviewed • CVE-2026-32987 was published • Mar 29, 2026
mpp has multiple payment bypass and griefing vulnerabilities
Critical • GHSA-fxc9-7j2w-vx54 was published for mpp (Rust) • Mar 29, 2026
mppx has multiple payment bypass and griefing vulnerabilities
Critical • GHSA-8x4m-qw58-3pcx was published for mppx (npm) • Mar 29, 2026
mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
High • CVE-2026-34209 was published for mppx (npm) • Mar 29, 2026
Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth...
Moderate • Unreviewed • CVE-2026-27855 was published • Mar 27, 2026
OpenClaw: Plivo V2 verified replay identity drifts on query-only variants
High • CVE-2026-35618 was published for openclaw (npm) • Mar 26, 2026
Duplicate Advisory: OpenClaw's voice-call Twilio webhook replay could bypass manager dedupe because normalized event IDs were randomized per parse
Moderate • GHSA-3r78-rqg8-95gg was published for openclaw (npm) • Mar 21, 2026 • withdrawn
Duplicate Advisory: OpenClaw's Nextcloud Talk webhook replay could trigger duplicate inbound processing
Moderate • GHSA-866c-wwm5-4rj7 was published for openclaw (npm) • Mar 19, 2026 • withdrawn
Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote...
High • Unreviewed • CVE-2026-20999 was published • Mar 16, 2026
Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120...
High • Unreviewed • CVE-2025-13777 was published • Mar 13, 2026
Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational...
Critical • Unreviewed • CVE-2026-30789 was published • Mar 5, 2026
OpenClaw's Nextcloud Talk webhook replay could trigger duplicate inbound processing
Moderate • CVE-2026-28449 was published for openclaw (npm) • Mar 3, 2026
OpenClaw's voice-call Twilio replay dedupe now bound to authenticated webhook identity
Low • GHSA-gcj7-r3hg-m7w6 was published for openclaw (npm) • Mar 3, 2026
OpenClaw's voice-call Twilio webhook replay could bypass manager dedupe because normalized event IDs were randomized per parse
Moderate • CVE-2026-32053 was published for openclaw (npm) • Mar 3, 2026
OneUptime has WebAuthn 2FA bypass: server accepts client-supplied challenge instead of server-stored value, allowing credential replay
High • CVE-2026-28787 was published for @oneuptime/common (npm) • Mar 2, 2026
Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to...
Critical • Unreviewed • CVE-2025-67135 was published • Feb 12, 2026
Crafted zones can lead to increased incoming network traffic.
Moderate • Unreviewed • CVE-2026-24027 was published • Feb 9, 2026
Crafted delegations or IP fragments can poison cached delegations in Recursor.
High • Unreviewed • CVE-2025-59023 was published • Feb 9, 2026