GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

OpenClaw: Plivo V2 verified replay identity drifts on query-only variants (Severity: High)
GHSA-cg6c-q2hx-69h7 was published for openclaw (npm) Mar 26, 2026
Credited to smaeljaish771
OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication (Severity: Moderate)
GHSA-6mqc-jqh6-x8fc was published for openclaw (npm) Mar 26, 2026
Credited to smaeljaish771
OpenClaw: Gateway agent /reset exposes admin session reset to operator.write callers (Severity: High)
GHSA-wq58-2pvg-5h4f was published for openclaw (npm) Mar 26, 2026
Credited to smaeljaish771
OpenClaw: Zalo webhook replay cache cross-target messageId scope bypass (Severity: Low)
GHSA-hhq4-97c2-p447 was published for openclaw (npm) Apr 2, 2026
Credited to smaeljaish771
OpenClaw: Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config (Severity: Low)
GHSA-3pm9-5j7m-59vc was published for openclaw (npm) Apr 3, 2026
Credited to smaeljaish771
OpenClaw: Telegram legacy allowFrom migration fans default-account trust into all named accounts (Severity: Moderate)
GHSA-f693-58pc-2gfr was published for openclaw (npm) Apr 3, 2026
Credited to smaeljaish771
OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled (Severity: Moderate)
GHSA-3xv9-89fm-7h4r was published for openclaw (npm) Apr 3, 2026
Credited to smaeljaish771