GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage
Low
CVE-2026-31991
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains
Low
CVE-2026-31993
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read
Low
CVE-2026-32020
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows
Low
CVE-2026-32058
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw's runtime /debug override path accepted prototype-reserved keys
Low
CVE-2026-27524
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model
Low
GHSA-7qf6-h84j-8fq4
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw's voice-call Twilio replay dedupe now bound to authenticated webhook identity
Low
GHSA-gcj7-r3hg-m7w6
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw's tools.exec.safeBins generic fallback allowed interpreter-style inline payload execution in allowlist mode
Low
GHSA-8mf7-vv8w-hjr2
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access
Low
CVE-2026-32067
was published
for
openclaw
(npm)
Mar 4, 2026
OpenClaw: system.run wrapper-depth boundary could skip shell approval gating
Low
CVE-2026-27183
was published
for
openclaw
(npm)
Mar 9, 2026
OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode
Low
CVE-2026-32970
was published
for
openclaw
(npm)
Mar 13, 2026
ProTip!
Advisories are also available from the
GraphQL API