GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
8 advisories
OpenClaw: Reject symlinks in local skill packaging script
Moderate
CVE-2026-27485
was published
for
openclaw
(npm)
Feb 20, 2026
OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows
Low
CVE-2026-27484
was published
for
openclaw
(npm)
Feb 20, 2026
OpenClaw session tool visibility hardening and Telegram webhook secret fallback
Moderate
CVE-2026-27004
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw: Telegram bot token exposure via logs
Moderate
CVE-2026-27003
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw: Docker container escape via unvalidated bind mount config injection
High
CVE-2026-27002
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw: Unsanitized CWD path injection into LLM prompts
High
CVE-2026-27001
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup
Moderate
CVE-2026-27486
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw: Prevent shell injection in macOS keychain credential write
High
CVE-2026-27487
was published
for
openclaw
(npm)
Feb 18, 2026
ProTip!
Advisories are also available from the
GraphQL API