GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,894 advisories
OpenClaw's image tool bypasses tools.fs.workspaceOnly on sandbox mount paths and exfiltrates out-of-workspace images
Moderate
GHSA-q6qf-4p5j-r25g
was published
for
openclaw
(npm)
Mar 4, 2026
OpenClaw's Zalo group sender allowlist bypass permits unauthorized GROUP dispatch
Moderate
GHSA-534w-2vm4-89xr
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw's Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch
Moderate
GHSA-gw85-xp4q-5gp9
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: Experimental apply_patch may bypass workspace-only checks in opt-in sandbox mounts (off by default)
Moderate
GHSA-h9xm-j4qg-fvpg
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode
Moderate
GHSA-ccg8-46r6-9qgj
was published
for
openclaw
(npm)
Mar 3, 2026
Temporary path handling could write outside OpenClaw temp boundary
Moderate
GHSA-33hm-cq8r-wc49
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw has a sandbox network isolation bypass via docker.network=container:<id>
Moderate
GHSA-ww6v-v748-x7g9
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns
Moderate
GHSA-p7gr-f84w-hqg5
was published
for
openclaw
(npm)
Mar 2, 2026
Gradio has an Open Redirect in its OAuth Flow
Moderate
CVE-2026-28415
was published
for
gradio
(pip)
Mar 1, 2026
Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations
Moderate
CVE-2026-22728
was published
for
github.com/bitnami-labs/sealed-secrets
(Go)
Feb 26, 2026
n8n has an SSO Enforcement Bypass in its Self-Service Settings API
Moderate
GHSA-vjf3-2gpj-233v
was published
for
n8n
(npm)
Feb 26, 2026
ProTip!
Advisories are also available from the
GraphQL API