Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

133 advisories

Loading
OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup Moderate
GHSA-42mx-vp8m-j7qh was published for openclaw (npm) Apr 7, 2026
tdjackey Credited to tdjackey
OpenClaw: `session_status` still bypasses configured `tools.sessions.visibility` for unsandboxed invocations Moderate
GHSA-fwjq-xwfj-gv75 was published for openclaw (npm) Apr 7, 2026
tdjackey Credited to tdjackey
OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode Low
CVE-2026-32970 was published for openclaw (npm) Mar 13, 2026
tdjackey Credited to tdjackey
OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes Critical
CVE-2026-32916 was published for openclaw (npm) Mar 13, 2026
tdjackey Credited to tdjackey
OpenClaw's skills-install-download can be redirected outside the tools root by rebinding the validated base path Moderate
CVE-2026-33574 was published for openclaw (npm) Mar 12, 2026
tdjackey Credited to tdjackey
OpenClaw: Node-host approvals could show misleading shell payloads instead of the executed argv High
CVE-2026-32971 was published for openclaw (npm) Mar 13, 2026
tdjackey Credited to tdjackey
OpenClaw's system.run approvals did not bind mutable script operands across approval and execution Moderate
CVE-2026-32921 was published for openclaw (npm) Mar 12, 2026
tdjackey Credited to tdjackey
OpenClaw: Unbound interpreter and runtime commands could bypass node-host approval integrity High
CVE-2026-32979 was published for openclaw (npm) Mar 13, 2026
tdjackey Credited to tdjackey
OpenClaw: Unrecognized script runners could bypass `system.run` approval integrity High
CVE-2026-32978 was published for openclaw (npm) Mar 13, 2026
tdjackey Credited to tdjackey
OpenClaw: Unbound bootstrap setup codes allow privilege escalation during pairing High
GHSA-gg9v-mgcp-v6m7 was published for openclaw (npm) Apr 3, 2026
tdjackey Credited to tdjackey
OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables Moderate
GHSA-cg7q-fg22-4g98 was published for openclaw (npm) Apr 3, 2026
tdjackey Credited to tdjackey
OpenClaw: Incomplete host-env-security-policy allows untrusted model to substitute compiler binaries via env overrides High
GHSA-g8xp-qx39-9jq9 was published for openclaw (npm) Apr 3, 2026
tdjackey Credited to tdjackey
OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration High
GHSA-57gh-m6rq-54cf was published for openclaw (npm) Apr 3, 2026
tdjackey Credited to tdjackey
OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery Moderate
GHSA-9q7v-8mr7-g23p was published for openclaw (npm) Apr 2, 2026
tdjackey Credited to tdjackey
`OpenClaw: session_status` let sandboxed subagents access parent or sibling session state High
CVE-2026-32918 was published for openclaw (npm) Mar 13, 2026
tdjackey Credited to tdjackey
OpenClaw has a CWD `.env` environment variable injection which bypasses host-env policy and allows config takeover Critical
GHSA-8rh7-6779-cjqq was published for openclaw (npm) Apr 1, 2026
tdjackey Credited to tdjackey
OpenClaw's incomplete host env sanitization blocklist allows supply-chain redirection via package-manager env overrides Critical
GHSA-j7p2-qcwm-94v4 was published for openclaw (npm) Mar 31, 2026
tdjackey Credited to tdjackey
OpenClaw: Discord text `/approve` bypasses `channels.discord.execApprovals.approvers` and allows non-approvers to resolve pending exec approvals High
GHSA-98hh-7ghg-x6rq was published for openclaw (npm) Mar 31, 2026
tdjackey Credited to tdjackey
OpenClaw: Non-owner command-authorized sender can change the owner-only `/send` session delivery policy Moderate
GHSA-39mp-545q-w789 was published for openclaw (npm) Mar 30, 2026
tdjackey Credited to tdjackey
OpenClaw: `browser.request` still allows `POST /reset-profile` through the `operator.write` surface High
GHSA-xp9r-prpg-373r was published for openclaw (npm) Mar 30, 2026
tdjackey Credited to tdjackey
OpenClaw: Mutating internal `/allowlist` chat commands missed `operator.admin` scope enforcement Moderate
GHSA-vqvg-86cc-cg83 was published for openclaw (npm) Mar 30, 2026
tdjackey Credited to tdjackey
OpenClaw: Slack interactive callbacks could skip configured sender checks in some shared-workspace flows High
CVE-2026-32005 was published for openclaw (npm) Mar 4, 2026
tdjackey Credited to tdjackey
OpenClaw has a BlueBubbles group allowlist mismatch via DM pairing-store fallback Moderate
CVE-2026-32006 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw: Experimental apply_patch may bypass workspace-only checks in opt-in sandbox mounts (off by default) High
CVE-2026-32007 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode Moderate
CVE-2026-32023 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database