GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
OpenClaw vulnerable to arbitrary file read via $include directive
Moderate
CVE-2026-32061
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: Gateway /tools/invoke tool escalation + ACP permission auto-approval
High
GHSA-943q-mwmv-hhvh
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs
Moderate
CVE-2026-27576
was published
for
openclaw
(npm)
Feb 20, 2026
OpenClaw: Reject symlinks in local skill packaging script
Moderate
CVE-2026-27485
was published
for
openclaw
(npm)
Feb 20, 2026
OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows
Low
CVE-2026-27484
was published
for
openclaw
(npm)
Feb 20, 2026
OpenClaw session tool visibility hardening and Telegram webhook secret fallback
Moderate
CVE-2026-27004
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw: Telegram bot token exposure via logs
Moderate
CVE-2026-27003
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw: Docker container escape via unvalidated bind mount config injection
High
CVE-2026-27002
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw: Unsanitized CWD path injection into LLM prompts
High
CVE-2026-27001
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup
Moderate
CVE-2026-27486
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw: Prevent shell injection in macOS keychain credential write
High
CVE-2026-27487
was published
for
openclaw
(npm)
Feb 18, 2026
ProTip!
Advisories are also available from the
GraphQL API