GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3 advisories
OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching)
Critical
CVE-2026-28446
was published
for
openclaw
(npm)
Feb 17, 2026
OpenClaw's gateway connect could skip device identity checks when auth.token was present but not yet validated
Critical
CVE-2026-28472
was published
for
openclaw
(npm)
Feb 17, 2026
OpenClaw has a potential access-group authorization bypass if channel type lookup fails
Critical
CVE-2026-28454
was published
for
openclaw
(npm)
Feb 17, 2026
ProTip!
Advisories are also available from the
GraphQL API