Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

Loading
OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions Moderate
CVE-2026-32057 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
AnthonyDiSanti Credited to AnthonyDiSanti and vincentkoc vincentkoc vincentkoc
OpenClaw's Zalouser allowlist authorization matched mutable group names by default Moderate
GHSA-f5mf-3r52-r83w was published for openclaw (npm) Mar 13, 2026
zpbrent Credited to zpbrent
Duplicate Advisory: OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions Moderate
GHSA-xh9j-mpc9-2m9p was published for openclaw (npm) Mar 21, 2026 withdrawn
Duplicate Advisory: OpenClaw ACP client has permission auto-approval bypass via untrusted tool metadata Moderate
GHSA-rcx4-77x4-hjx5 was published for openclaw (npm) Mar 21, 2026 withdrawn
OpenClaw: Synology Chat reply delivery could be rebound through username-based user resolution. Moderate
CVE-2026-35670 was published for openclaw (npm) Mar 26, 2026
nexrin Credited to nexrin, KeenSecurityLab, and qclawer KeenSecurityLab KeenSecurityLab
qclawer qclawer
OpenClaw's Conflicting Tool Identity Hints Bypass Dangerous-Tool Prompting Moderate
CVE-2026-35655 was published for openclaw (npm) Mar 26, 2026
zpbrent Credited to zpbrent
smaeljaish771 Credited to smaeljaish771 and KeenSecurityLab KeenSecurityLab KeenSecurityLab
ProTip! Advisories are also available from the GraphQL API