Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

101 advisories

Loading
OpenClaw Hook Session Key Override Enables Targeted Cross-Session Routing High
GHSA-hv93-r4j3-q65f was published for openclaw (npm) Feb 17, 2026
alpernae Credited to alpernae
Jervis Has Weak Random for Timing Attack Mitigation High
CVE-2025-68704 was published for net.gleske:jervis (Maven) Jan 13, 2026
gokey allows secret recovery from a seed file without the master password High
CVE-2025-13353 was published for github.com/cloudflare/gokey (Go) Dec 2, 2025
Duplicate Advisory: Juju makes Use of Weak Credentials High
GHSA-phh4-3hmm-24rx was published for github.com/juju/juju (Go) Oct 2, 2024 withdrawn
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities High
GHSA-xg9w-r469-m455 was published for zendframework/zendframework (Composer) Jun 7, 2024
Insecure random string generator used for sensitive data High
CVE-2023-46740 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz Credited to AdamKorcz
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption High
CVE-2023-48056 was published for pypinksign (pip) Nov 16, 2023
Magento LTS's guest order "protect code" can be brute-forced too easily High
CVE-2023-41879 was published for openmage/magento-lts (Composer) Sep 11, 2023
theroch Credited to theroch, fballiano, and colinmollenhour fballiano fballiano
colinmollenhour colinmollenhour
ProTip! Advisories are also available from the GraphQL API