Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,416
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,657
Pub
13
RubyGems
1,027
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

62 advisories

Loading
OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup Moderate
GHSA-42mx-vp8m-j7qh was published for openclaw (npm) Apr 7, 2026
tdjackey Credited to tdjackey
OpenClaw: `session_status` still bypasses configured `tools.sessions.visibility` for unsandboxed invocations Moderate
GHSA-fwjq-xwfj-gv75 was published for openclaw (npm) Apr 7, 2026
tdjackey Credited to tdjackey
OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables Moderate
GHSA-cg7q-fg22-4g98 was published for openclaw (npm) Apr 3, 2026
tdjackey Credited to tdjackey
OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery Moderate
GHSA-9q7v-8mr7-g23p was published for openclaw (npm) Apr 2, 2026
tdjackey Credited to tdjackey
OpenClaw: Non-owner command-authorized sender can change the owner-only `/send` session delivery policy Moderate
GHSA-39mp-545q-w789 was published for openclaw (npm) Mar 30, 2026
tdjackey Credited to tdjackey
OpenClaw: Mutating internal `/allowlist` chat commands missed `operator.admin` scope enforcement Moderate
GHSA-vqvg-86cc-cg83 was published for openclaw (npm) Mar 30, 2026
tdjackey Credited to tdjackey
OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation Moderate
GHSA-3h52-cx59-c456 was published for openclaw (npm) Mar 29, 2026
tdjackey Credited to tdjackey
OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision Moderate
GHSA-rqp8-q22p-5j9q was published for openclaw (npm) Mar 26, 2026
tdjackey Credited to tdjackey
OpenClaw: Write-scoped callers could reach admin-only session reset logic through `agent` Moderate
GHSA-jf6w-m8jw-jfxc was published for openclaw (npm) Mar 13, 2026
tdjackey Credited to tdjackey
OpenClaw: Channel commands could bypass account-scoped `configWrites` restrictions Moderate
GHSA-8jhh-jcqg-mj5p was published for openclaw (npm) Mar 13, 2026
tdjackey Credited to tdjackey
OpenClaw: /api/channels gateway-auth boundary bypass via path canonicalization mismatch Moderate
CVE-2026-32031 was published for openclaw (npm) Mar 12, 2026
tdjackey Credited to tdjackey
OpenClaw: Slack system events bypass sender authorization in member and message subtype handlers Moderate
CVE-2026-32895 was published for openclaw (npm) Mar 12, 2026
tdjackey Credited to tdjackey
OpenClaw's skills-install-download can be redirected outside the tools root by rebinding the validated base path Moderate
CVE-2026-33574 was published for openclaw (npm) Mar 12, 2026
tdjackey Credited to tdjackey
OpenClaw's system.run approvals did not bind mutable script operands across approval and execution Moderate
CVE-2026-32921 was published for openclaw (npm) Mar 12, 2026
tdjackey Credited to tdjackey
OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions Moderate
CVE-2026-27646 was published for openclaw (npm) Mar 9, 2026
tdjackey Credited to tdjackey
OpenClaw: system.run allow-always persistence included shell-commented payload tails Moderate
GHSA-9q2p-vc84-2rwm was published for openclaw (npm) Mar 9, 2026
tdjackey Credited to tdjackey
OpenClaw: `operator.write` chat.send could reach admin-only config writes Moderate
GHSA-hfpr-jhpq-x4rm was published for openclaw (npm) Mar 9, 2026
tdjackey Credited to tdjackey
OpenClaw: Cross-account sender authorization expansion in `/allowlist ... --store` account scoping Moderate
GHSA-pjvx-rx66-r3fg was published for openclaw (npm) Mar 9, 2026
tdjackey Credited to tdjackey
OpenClaw's system.run allowlist approval parsing missed PowerShell encoded-command wrappers Moderate
GHSA-3h2q-j2v4-6w5r was published for openclaw (npm) Mar 9, 2026
tdjackey Credited to tdjackey
OpenClaw's `system.run` env override filtering allowed dangerous helper-command pivots Moderate
GHSA-j425-whc4-4jgc was published for openclaw (npm) Mar 9, 2026
tdjackey Credited to tdjackey, SnailSploit, and zpbrent SnailSploit SnailSploit
zpbrent zpbrent
OpenClaw: BlueBubbles (optional plugin) pairing/allowlist mismatch when allowFrom is empty Moderate
CVE-2026-22170 was published for openclaw (npm) Mar 4, 2026
tdjackey Credited to tdjackey
OpenClaw's image tool bypasses tools.fs.workspaceOnly on sandbox mount paths and exfiltrates out-of-workspace images Moderate
CVE-2026-32002 was published for openclaw (npm) Mar 4, 2026
tdjackey Credited to tdjackey
OpenClaw's Node role device-identity bypass allows unauthorized node.event injection Moderate
CVE-2026-32001 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw has Windows Lobster shell fallback command injection in constrained fallback path Moderate
CVE-2026-31995 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw's Zalo group sender allowlist bypass permits unauthorized GROUP dispatch Moderate
GHSA-534w-2vm4-89xr was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database