GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
OpenClaw: Forged Nostr DMs could create pairing state before signature verification
Moderate
GHSA-h43v-27wg-5mf9
was published
for
openclaw
(npm)
Apr 7, 2026
OpenClaw: Pairing pending-request caps were enforced per channel instead of per account
Moderate
GHSA-wwfp-w96m-c6x8
was published
for
openclaw
(npm)
Apr 7, 2026
OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections
Moderate
GHSA-fh32-73r9-rgh5
was published
for
openclaw
(npm)
Apr 7, 2026
OpenClaw: Telegram legacy allowFrom migration fans default-account trust into all named accounts
Moderate
GHSA-f693-58pc-2gfr
was published
for
openclaw
(npm)
Apr 3, 2026
OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled
Moderate
GHSA-3xv9-89fm-7h4r
was published
for
openclaw
(npm)
Apr 3, 2026
OpenClaw: Strict browser SSRF bypass in Playwright redirect handling leaves private targets reachable
Moderate
GHSA-w8g9-x8gx-crmm
was published
for
openclaw
(npm)
Apr 9, 2026
OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication
Moderate
CVE-2026-35634
was published
for
openclaw
(npm)
Mar 26, 2026
ProTip!
Advisories are also available from the
GraphQL API