GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
OpenClaw's device removal and token revocation do not terminate active WebSocket sessions
High
CVE-2026-34503
was published
for
openclaw
(npm)
Mar 31, 2026
OpenClaw's message tool media parameter bypasses tool policy filesystem isolation
High
CVE-2026-33581
was published
for
openclaw
(npm)
Mar 31, 2026
OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host
High
CVE-2026-41364
was published
for
openclaw
(npm)
Apr 2, 2026
OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal
High
CVE-2026-41397
was published
for
openclaw
(npm)
Apr 3, 2026
OpenClaw: MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion
High
CVE-2026-41405
was published
for
openclaw
(npm)
Apr 3, 2026
OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md
High
CVE-2026-41352
was published
for
openclaw
(npm)
Apr 3, 2026
OpenClaw: Paired node escalates to gateway RCE via unrestricted node.event agent dispatch
High
CVE-2026-41378
was published
for
openclaw
(npm)
Apr 3, 2026
ProTip!
Advisories are also available from the
GraphQL API