GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
55 advisories
OpenClaw's TOCTOU symlink race in writeFileWithinRoot could create or truncate files outside root boundaries
High
GHSA-x82f-27x3-q89c
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw: Sandbox media TOCTOU could read files outside sandbox root
High
GHSA-7xmq-g46g-f8pv
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw's authorization mismatch allowed write-scope agent runs to reach owner-only tools
High
GHSA-jr6x-2q95-fh2g
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw has web_search citation redirect SSRF via private-network-allowing policy
High
CVE-2026-31989
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw: system.run approvals did not bind PATH-token executable identity, enabling post-approval executable rebind
High
CVE-2026-31997
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments
High
CVE-2026-22168
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels
High
CVE-2026-32049
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw: Node system.run approval bypass via parent-symlink cwd rebind
High
CVE-2026-27545
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw has system.run shell-wrapper env injection via SHELLOPTS/PS4 can bypass allowlist intent (RCE)
High
CVE-2026-32003
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw's Telegram message_reaction authorization bypass allows unauthorized system-event injection
High
GHSA-qj22-xqjr-v83v
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw's MSTeams attachment redirect handling could bypass configured media host allowlists
High
CVE-2026-32037
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: Native prompt image auto-load did not honor tools.fs.workspaceOnly in sandboxed runs
High
GHSA-9f72-qcpw-2hxc
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw DM pairing-store identities could satisfy group allowlist authorization
High
CVE-2026-32027
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: stageSandboxMedia destination symlink traversal can overwrite files outside sandbox workspace
High
CVE-2026-31990
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: ZIP extraction race could write outside destination via parent symlink rebind
High
CVE-2026-28483
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw has encoded-path auth bypass in plugin `/api/channels` route classification
High
CVE-2026-32004
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: Sandboxed sessions_spawn(runtime="acp") bypassed sandbox inheritance and allowed host ACP initialization
High
GHSA-474h-prjg-mmw3
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`)
High
CVE-2026-32009
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL
High
CVE-2026-22217
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: Experimental apply_patch may bypass workspace-only checks in opt-in sandbox mounts (off by default)
High
CVE-2026-32007
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling
High
CVE-2026-31994
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw has macOS `system.run` allowlist bypass via quoted command substitution
High
CVE-2026-22179
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw's tools.exec.safeBins sort long-option abbreviation bypass can skip exec approval in allowlist mode
High
CVE-2026-32059
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation
High
CVE-2026-22176
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)
High
CVE-2026-32063
was published
for
openclaw
(npm)
Mar 3, 2026
ProTip!
Advisories are also available from the
GraphQL API