
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

116 advisories

OpenClaw: Unicode canonicalization drift in node metadata policy classification could broaden node allowlists Moderate
GHSA-392f-ggf5-fp3c was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns Moderate
GHSA-p7gr-f84w-hqg5 was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw has an unauthorized sender bypass in its stop triggers and /models command authorization Moderate
GHSA-8m9v-xpgf-g99m was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw's ACPX Windows wrapper shell fallback allowed cwd injection in specific paths Critical
GHSA-6f6j-wx9w-ff4j was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw: Sandbox media TOCTOU could read files outside sandbox root High
GHSA-7xmq-g46g-f8pv was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw's authorization mismatch allowed write-scope agent runs to reach owner-only tools High
GHSA-jr6x-2q95-fh2g was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw has web_search citation redirect SSRF via private-network-allowing policy High
GHSA-g99v-8hwm-g76g was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage Low
GHSA-wm8r-w8pf-2v6w was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments High
GHSA-5v6x-rfc3-7qfr was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains Low
GHSA-5f9p-f3w2-fwch was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw has browser trace/download path symlink escape in temp output handling Moderate
GHSA-36h3-7c54-j27r was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read Low
GHSA-5ghc-98wh-gwwf was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution Moderate
GHSA-6j27-pc5c-m8w8 was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw: Node exec approvals could be replayed across nodes Moderate
GHSA-6x2m-hqfw-hvpj was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows Moderate
GHSA-hjvp-qhm6-wrh2 was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw gateway agents.files symlink escape allowed out-of-workspace file read/write Critical
GHSA-fgvx-58p6-gjwc was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw: system.run approval identity mismatch could execute a different binary than displayed High
GHSA-hwpq-rrpf-pgcq was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw: Node system.run approval bypass via parent-symlink cwd rebind High
GHSA-f7ww-2725-qvw2 was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw has a sandbox network isolation bypass via docker.network=container:<id> Moderate
GHSA-ww6v-v748-x7g9 was published for openclaw (npm) Mar 2, 2026
Credited to tdjackey
OpenClaw's avatar symlink traversal can expose out-of-workspace local files Moderate
GHSA-rx3g-mvc3-qfjf was published for openclaw (npm) Mar 3, 2026
Credited to tdjackey
OpenClaw has system.run shell-wrapper env injection via SHELLOPTS/PS4 that can bypass allowlist intent (RCE) Moderate
GHSA-2fgq-7j6h-9rm4 was published for openclaw (npm) Mar 3, 2026
Credited to tdjackey
OpenClaw: macOS optional allowlist basename matching could bypass path-based policy Moderate
GHSA-7f4q-9rqh-x36p was published for openclaw (npm) Mar 3, 2026
Credited to tdjackey