GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode
Low
CVE-2026-32970
was published
for
openclaw
(npm)
Mar 13, 2026
OpenClaw: system.run wrapper-depth boundary could skip shell approval gating
Low
CVE-2026-27183
was published
for
openclaw
(npm)
Mar 9, 2026
OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access
Low
CVE-2026-32067
was published
for
openclaw
(npm)
Mar 4, 2026
OpenClaw's tools.exec.safeBins generic fallback allowed interpreter-style inline payload execution in allowlist mode
Low
GHSA-8mf7-vv8w-hjr2
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw's voice-call Twilio replay dedupe now bound to authenticated webhook identity
Low
GHSA-gcj7-r3hg-m7w6
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model
Low
GHSA-7qf6-h84j-8fq4
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw's runtime /debug override path accepted prototype-reserved keys
Low
CVE-2026-27524
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows
Low
CVE-2026-32058
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read
Low
CVE-2026-32020
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains
Low
CVE-2026-31993
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage
Low
CVE-2026-31991
was published
for
openclaw
(npm)
Mar 2, 2026
ProTip!
Advisories are also available from the
GraphQL API