GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10 advisories
OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode
Low
GHSA-qvr7-g57c-mrc7
was published
for
openclaw
(npm)
Mar 13, 2026
OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access
Low
GHSA-vjp8-wprm-2jw9
was published
for
openclaw
(npm)
Mar 4, 2026
OpenClaw's tools.exec.safeBins generic fallback allowed interpreter-style inline payload execution in allowlist mode
Low
GHSA-8mf7-vv8w-hjr2
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw's voice-call Twilio replay dedupe now bound to authenticated webhook identity
Low
GHSA-gcj7-r3hg-m7w6
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model
Low
GHSA-7qf6-h84j-8fq4
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw's runtime /debug override path accepted prototype-reserved keys
Low
GHSA-62f6-mrcj-v8h5
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions
Low
GHSA-vvgp-4c28-m3jm
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read
Low
GHSA-5ghc-98wh-gwwf
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains
Low
GHSA-5f9p-f3w2-fwch
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage
Low
GHSA-wm8r-w8pf-2v6w
was published
for
openclaw
(npm)
Mar 2, 2026
ProTip!
Advisories are also available from the
GraphQL API