GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
27,250 advisories
OpenClaw bootstrap setup codes could be replayed to escalate pending pairing scopes before approval
High
GHSA-63f5-hhc7-cx6p
was published
for
openclaw
(npm)
Mar 16, 2026
OpenClaw Telegram media fetch errors exposed bot tokens in logged file URLs
Moderate
GHSA-xwcj-hwhf-h378
was published
for
openclaw
(npm)
Mar 16, 2026
SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface
Moderate
CVE-2026-32751
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 16, 2026
SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes
Moderate
CVE-2026-32750
was published
for
github.com/siyuan-note/siyuan
(Go)
Mar 16, 2026
SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write
High
CVE-2026-32749
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 16, 2026
SiYuan Vulnerable to Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure
Moderate
GHSA-xp2m-98x8-rpj6
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 16, 2026
SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets
Moderate
CVE-2026-32747
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 16, 2026
Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries
High
CVE-2026-32728
was published
for
parse-server
(npm)
Mar 16, 2026
Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability
High
CVE-2026-32268
was published
for
craftcms/azure-blob
(Composer)
Mar 16, 2026
Amazon S3 for Craft CMS has an Information Disclosure vulnerability
Moderate
CVE-2026-32265
was published
for
craftcms/aws-s3
(Composer)
Mar 16, 2026
Craft CMS vulnerable to behavior injection RCE via EntryTypesController
High
CVE-2026-32263
was published
for
craftcms/cms
(Composer)
Mar 16, 2026
RCE via SSTI for users with permissions to access the Craft CMS Webhooks plugin
High
CVE-2026-32261
was published
for
craftcms/webhooks
(Composer)
Mar 16, 2026
SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers
Moderate
CVE-2026-32723
was published
for
@nyariv/sandboxjs
(npm)
Mar 16, 2026
Stored XSS in Memray-generated HTML reports via unescaped command-line metadata
Low
CVE-2026-32722
was published
for
memray
(pip)
Mar 16, 2026
StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens
Low
CVE-2026-32638
was published
for
studiocms
(npm)
Mar 16, 2026
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
High
CVE-2026-32634
was published
for
Glances
(pip)
Mar 16, 2026
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
Critical
CVE-2026-32633
was published
for
Glances
(pip)
Mar 16, 2026
Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding
Moderate
CVE-2026-32632
was published
for
Glances
(pip)
Mar 16, 2026
Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements
High
CVE-2026-32611
was published
for
Glances
(pip)
Mar 16, 2026
Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
High
CVE-2026-32610
was published
for
Glances
(pip)
Mar 16, 2026
ProTip!
Advisories are also available from the
GraphQL API