
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9 advisories

OpenClaw's system.run allowlist can be bypassed through an unregistered time dispatch wrapper High
CVE-2026-35666 was published for openclaw (npm) Mar 26, 2026
Credited to YLChen-007
OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure High
CVE-2026-35633 was published for openclaw (npm) Mar 26, 2026
Credited to YLChen-007
OpenClaw: Agentic Consent Bypass — LLM Agent Can Silently Disable Exec Approval via `config.patch` High
GHSA-v3qc-wrwx-j3pw was published for openclaw (npm) Apr 3, 2026
Credited to YLChen-007
Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server High
CVE-2026-41423 was published for @angular/platform-server (npm) Apr 16, 2026
Credited to YLChen-007, alan-agius4, AndrewKushnir, and josephperrott
OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin High
CVE-2026-53840 was published for openclaw (npm) Jun 17, 2026
Credited to YLChen-007
OpenClaw: Shell inline-command parsing could miss an allowlist check High
CVE-2026-53866 was published for openclaw (npm) Jun 18, 2026
Credited to YLChen-007