GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.
95 advisories
OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions
Moderate | GHSA-9q36-67vc-rrwg | openclaw (npm) | published Mar 9, 2026

OpenClaw: system.run allow-always persistence included shell-commented payload tails
Moderate | GHSA-9q2p-vc84-2rwm | openclaw (npm) | published Mar 9, 2026

OpenClaw: `operator.write` chat.send could reach admin-only config writes
Moderate | GHSA-hfpr-jhpq-x4rm | openclaw (npm) | published Mar 9, 2026

OpenClaw: system.run wrapper-depth boundary could skip shell approval gating
Moderate | GHSA-r6qf-8968-wj9q | openclaw (npm) | published Mar 9, 2026

OpenClaw: Cross-account sender authorization expansion in `/allowlist ... --store` account scoping
Moderate | GHSA-pjvx-rx66-r3fg | openclaw (npm) | published Mar 9, 2026

OpenClaw's system.run allowlist approval parsing missed PowerShell encoded-command wrappers
Moderate | GHSA-3h2q-j2v4-6w5r | openclaw (npm) | published Mar 9, 2026

OpenClaw's `system.run` env override filtering allowed dangerous helper-command pivots
Moderate | GHSA-j425-whc4-4jgc | openclaw (npm) | published Mar 9, 2026

OpenClaw: BlueBubbles (optional plugin) pairing/allowlist mismatch when allowFrom is empty
Moderate | GHSA-jwf4-8wf4-jf2m | openclaw (npm) | published Mar 4, 2026

OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations
High | GHSA-3jx4-q2m7-r496 | openclaw (npm) | published Mar 4, 2026

OpenClaw's image tool bypasses tools.fs.workspaceOnly on sandbox mount paths and exfiltrates out-of-workspace images
Moderate | GHSA-q6qf-4p5j-r25g | openclaw (npm) | published Mar 4, 2026

OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access
Low | GHSA-vjp8-wprm-2jw9 | openclaw (npm) | published Mar 4, 2026

OpenClaw: Slack interactive callbacks could skip configured sender checks in some shared-workspace flows
High | GHSA-x2ff-j5c2-ggpr | openclaw (npm) | published Mar 4, 2026

OpenClaw's Node role device-identity bypass allows unauthorized node.event injection
Moderate | GHSA-rv2q-f2h5-6xmg | openclaw (npm) | published Mar 3, 2026

OpenClaw has Windows Lobster shell fallback command injection in constrained fallback path
Moderate | GHSA-fg3m-vhrr-8gj6 | openclaw (npm) | published Mar 3, 2026

OpenClaw's Zalo group sender allowlist bypass permits unauthorized GROUP dispatch
Moderate | GHSA-534w-2vm4-89xr | openclaw (npm) | published Mar 3, 2026

OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains
High | GHSA-jj82-76v6-933r | openclaw (npm) | published Mar 3, 2026

OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks
Moderate | GHSA-792q-qw95-f446 | openclaw (npm) | published Mar 3, 2026

OpenClaw's sandbox bind validation could bypass allowed-root and blocked-path checks via symlink-parent missing-leaf paths
High | GHSA-m8v2-6wwh-r4gc | openclaw (npm) | published Mar 3, 2026

OpenClaw: Zip extraction symlink traversal could write outside destination
High | GHSA-jxrq-8fm4-9p58 | openclaw (npm) | published Mar 3, 2026

OpenClaw's tools.exec.safeBins generic fallback allowed interpreter-style inline payload execution in allowlist mode
Low | GHSA-8mf7-vv8w-hjr2 | openclaw (npm) | published Mar 3, 2026

OpenClaw's Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch
Moderate | GHSA-gw85-xp4q-5gp9 | openclaw (npm) | published Mar 3, 2026

In OpenClaw, manually adding sort to tools.exec.safeBins could bypass allowlist approval via --compress-program
High | GHSA-4gc7-qcvf-38wg | openclaw (npm) | published Mar 3, 2026

OpenClaw has a BlueBubbles group allowlist mismatch via DM pairing-store fallback
Moderate | GHSA-25pw-4h6w-qwvm | openclaw (npm) | published Mar 3, 2026

OpenClaw's voice-call Twilio replay dedupe now bound to authenticated webhook identity
Low | GHSA-gcj7-r3hg-m7w6 | openclaw (npm) | published Mar 3, 2026

OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model
Low | GHSA-7qf6-h84j-8fq4 | openclaw (npm) | published Mar 3, 2026