GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
29,521 advisories
Better Auth Has Two-Factor Authentication Bypass via Premature Session Caching (session.cookieCache)
Critical
GHSA-xg6x-h9c9-2m83
was published
for
better-auth
(npm)
Apr 3, 2026
OpenClaw: Sandbox escape via TOCTOU race in remote FS bridge readFile
Critical
GHSA-9p3r-hh9g-5cmg
was published
for
openclaw
(npm)
Apr 3, 2026
OpenClaw: Heartbeat context inheritance bypasses sandbox via senderIsOwner escalation
Critical
GHSA-g5cg-8x5w-7jpm
was published
for
openclaw
(npm)
Apr 2, 2026
Dgraph: Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization
Critical
CVE-2026-34976
was published
for
github.com/dgraph-io/dgraph
(Go)
Apr 2, 2026
fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key
Critical
CVE-2026-34950
was published
for
fast-jwt
(npm)
Apr 2, 2026
Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster
Critical
CVE-2026-4370
was published
for
github.com/juju/juju
(Go)
Apr 2, 2026
PraisonAI Has Authentication Bypass via OAuthManager.validate_token()
Critical
CVE-2026-34953
was published
for
praisonai
(pip)
Apr 1, 2026
PraisonAI Has Missing Authentication in WebSocket Gateway
Critical
CVE-2026-34952
was published
for
praisonai
(pip)
Apr 1, 2026
PraisonAI Has Second-Order SQL Injection in `get_all_user_threads`
Critical
CVE-2026-34934
was published
for
praisonai
(pip)
Apr 1, 2026
PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command()
Critical
CVE-2026-34935
was published
for
praisonai
(pip)
Apr 1, 2026
ProTip!
Advisories are also available from the
GraphQL API