GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (count by ecosystem)
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 45
Go: 3,248
Maven: 5,000+
npm: 5,000+
NuGet: 867
pip: 4,513
Pub: 12
RubyGems: 997
Rust: 1,189
Swift: 51

Unreviewed advisories
All unreviewed: 5,000+
9,649 advisories
| Advisory | Severity | Identifier | Package (ecosystem) | Published |
| --- | --- | --- | --- | --- |
| Concrete CMS vulnerable to Remote Code Execution by stored PHP object injection | High | CVE-2026-3452 | concrete5/concrete5 (Composer) | Mar 4, 2026 |
| OpenClaw's commands.allowFrom sender authorization accepted conversation identifiers via ctx.From | High | GHSA-2ch6-x3g4-7759 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains | High | GHSA-jj82-76v6-933r | openclaw (npm) | Mar 3, 2026 |
| OpenClaw's sandbox bind validation could bypass allowed-root and blocked-path checks via symlink-parent missing-leaf paths | High | CVE-2026-27523 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw: Zip extraction symlink traversal could write outside destination | High | GHSA-jxrq-8fm4-9p58 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw hook transform path containment missed symlink-resolved escapes | High | GHSA-659f-22xc-98f2 | openclaw (npm) | Mar 3, 2026 |
| In OpenClaw, manually adding sort to tools.exec.safeBins could bypass allowlist approval via --compress-program | High | CVE-2026-32010 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw has multiple E2E/test Dockerfiles that run all processes as root | High | GHSA-w7j5-j98m-w679 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw's non-default autoAllowSkills setting could bypass on-miss exec prompt | High | GHSA-7ff8-xjh3-mgh6 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw's shell startup env injection bypasses system.run allowlist intent (RCE class) | High | GHSA-xgf2-vxv2-rrmg | openclaw (npm) | Mar 3, 2026 |
| OpenClaw affected by BASH_ENV / ENV startup-file injection into spawned shell commands | High | GHSA-w9cg-v44m-4qv8 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw: Sandbox media fallback tmp symlink alias bypass allows host file reads outside sandboxRoot | High | GHSA-xmv6-r34m-62p4 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw's `tools.exec.safeBins` PATH-hijack allowed trojan binaries to bypass allowlist checks | High | CVE-2026-32015 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux) | High | CVE-2026-32063 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation | High | GHSA-pj5x-38rw-6fph | openclaw (npm) | Mar 3, 2026 |
| OpenClaw's tools.exec.safeBins sort long-option abbreviation bypass can skip exec approval in allowlist mode | High | CVE-2026-32059 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw has macOS `system.run` allowlist bypass via quoted command substitution | High | CVE-2026-22179 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling | High | CVE-2026-31994 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL | High | CVE-2026-22217 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`) | High | CVE-2026-32009 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw: Sandboxed sessions_spawn(runtime="acp") bypassed sandbox inheritance and allowed host ACP initialization | High | GHSA-474h-prjg-mmw3 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw: ZIP extraction race could write outside destination via parent symlink rebind | High | GHSA-r54r-wmmq-mh84 | openclaw (npm) | Mar 3, 2026 |
| OpenClaw: stageSandboxMedia destination symlink traversal can overwrite files outside sandbox workspace | High | CVE-2026-31990 | openclaw (npm) | Mar 3, 2026 |
| Craft CMS has IDOR via GraphQL @parseRefs | High | CVE-2026-28696 | craftcms/cms (Composer) | Mar 3, 2026 |
| AWS-LC has PKCS7_verify Signature Validation Bypass | High | GHSA-hfpc-8r3f-gw53 | aws-lc-sys (Rust) | Mar 3, 2026 |