GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
136 advisories
OpenClaw's image tool bypasses tools.fs.workspaceOnly on sandbox mount paths and exfiltrates out-of-workspace images
Moderate severity. CVE-2026-32002 was published for openclaw (npm) on Mar 4, 2026.

OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access
Low severity. CVE-2026-32067 was published for openclaw (npm) on Mar 4, 2026.

OpenClaw: Slack interactive callbacks could skip configured sender checks in some shared-workspace flows
High severity. CVE-2026-32005 was published for openclaw (npm) on Mar 4, 2026.

OpenClaw's Node role device-identity bypass allows unauthorized node.event injection
Moderate severity. CVE-2026-32001 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw has Windows Lobster shell fallback command injection in constrained fallback path
Moderate severity. CVE-2026-31995 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw's Zalo group sender allowlist bypass permits unauthorized GROUP dispatch
Moderate severity. GHSA-534w-2vm4-89xr was published for openclaw (npm) on Mar 3, 2026.

OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains
High severity. CVE-2026-27566 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks
Moderate severity. CVE-2026-32050 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw's sandbox bind validation could bypass allowed-root and blocked-path checks via symlink-parent missing-leaf paths
High severity. CVE-2026-27523 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw: Zip extraction symlink traversal could write outside destination
High severity. GHSA-jxrq-8fm4-9p58 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw's tools.exec.safeBins generic fallback allowed interpreter-style inline payload execution in allowlist mode
Low severity. GHSA-8mf7-vv8w-hjr2 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw's Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch
Moderate severity. CVE-2026-31998 was published for openclaw (npm) on Mar 3, 2026.

In OpenClaw, manually adding sort to tools.exec.safeBins could bypass allowlist approval via --compress-program
Moderate severity. CVE-2026-32010 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw has a BlueBubbles group allowlist mismatch via DM pairing-store fallback
Moderate severity. CVE-2026-32006 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw's voice-call Twilio replay dedupe now bound to authenticated webhook identity
Low severity. GHSA-gcj7-r3hg-m7w6 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model
Low severity. GHSA-7qf6-h84j-8fq4 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw's non-default autoAllowSkills setting could bypass on-miss exec prompt
High severity. GHSA-7ff8-xjh3-mgh6 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw's shell startup env injection bypasses system.run allowlist intent (RCE class)
High severity. CVE-2026-32056 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw's runtime /debug override path accepted prototype-reserved keys
Low severity. CVE-2026-27524 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw has a workspace-only sandbox guard mismatch for @-prefixed absolute paths
Moderate severity. CVE-2026-32033 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw affected by BASH_ENV / ENV startup-file injection into spawned shell commands
High severity. GHSA-w9cg-v44m-4qv8 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw: Sandbox media fallback tmp symlink alias bypass allows host file reads outside sandboxRoot
High severity. GHSA-xmv6-r34m-62p4 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)
High severity. CVE-2026-32063 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions
Moderate severity. CVE-2026-32057 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw Loopback CDP probe can leak Gateway token to local listener
Moderate severity. CVE-2026-22174 was published for openclaw (npm) on Mar 3, 2026.
Advisories are also available from the GraphQL API.