GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
130 advisories
OpenClaw: Browser interaction routes could pivot into local CDP and regain file reads
Moderate
GHSA-qmwg-qprg-3j38
was published
for
openclaw
(npm)
Apr 17, 2026
October Rain has a Twig Sandbox Bypass via Collection Methods
Moderate
CVE-2026-22692
was published
for
october/rain
(Composer)
Apr 14, 2026
OpenClaw: Chrome --no-sandbox disabled OS-level browser sandbox in sandbox browser container
Moderate
CVE-2026-32046
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions
Moderate
CVE-2026-27646
was published
for
openclaw
(npm)
Mar 9, 2026
A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution
Moderate
CVE-2026-33622
was published
for
github.com/pinchtab/pinchtab
(Go)
Mar 24, 2026
OpenClaw has a sandbox network isolation bypass via docker.network=container:<id>
Moderate
CVE-2026-32038
was published
for
openclaw
(npm)
Mar 2, 2026
Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)
Moderate
CVE-2026-32947
was published
for
step-security/harden-runner
(GitHub Actions)
Mar 17, 2026
Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier)
Moderate
CVE-2026-32946
was published
for
step-security/harden-runner
(GitHub Actions)
Mar 17, 2026
ProTip!
Advisories are also available from the
GraphQL API