GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9 advisories

OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement Moderate
GHSA-jp4j-q5fc-58gv was published for openclaw (npm) Mar 31, 2026
Credited to nexrin, KeenSecurityLab, and qclawer
OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification Moderate
GHSA-qcc3-jqwp-5vh2 was published for openclaw (npm) Apr 2, 2026
Credited to nexrin and KeenSecurityLab
OpenClaw: Discord Slash Commands Bypass Group DM Channel Allowlist Moderate
GHSA-rvvf-6vh3-9j43 was published for openclaw (npm) Apr 3, 2026
Credited to nexrin and KeenSecurityLab
OpenClaw: Bonjour/DNS-SD TXT metadata steers CLI routing after failed service resolution Moderate
CVE-2026-35659 was published for openclaw (npm) Mar 26, 2026
Credited to nexrin, KeenSecurityLab, and qclawer
OpenClaw: Synology Chat reply delivery could be rebound through username-based user resolution. Moderate
CVE-2026-35670 was published for openclaw (npm) Mar 26, 2026
Credited to nexrin, KeenSecurityLab, and qclawer
OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message Moderate
GHSA-6336-qqw9-v6x6 was published for openclaw (npm) Apr 3, 2026
Credited to nexrin, KeenSecurityLab, and qclawer
OpenClaw: iOS A2UI bridge trusted generic local-network pages for agent.request dispatch Moderate
GHSA-4p4f-fc8q-84m3 was published for openclaw (npm) Apr 7, 2026
Credited to nexrin, KeenSecurityLab, and qclawer
OpenClaw has ACP CLI approval prompt ANSI escape sequence injection Moderate
CVE-2026-35651 was published for openclaw (npm) Mar 29, 2026
Credited to nexrin, KeenSecurityLab, qclawer, anlakii, and simon-reisinger-dynatrace
OpenClaw: Workspace dotenv MiniMax host override could redirect credentialed requests Moderate
GHSA-h2vw-ph2c-jvwf was published for openclaw (npm) Apr 25, 2026
Credited to nexrin