Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,549
Maven
5,000+
npm
5,000+
NuGet
917
pip
4,798
Pub
13
RubyGems
1,038
Rust
1,237
Swift
53
Unreviewed advisories
All unreviewed
5,000+

30 advisories

Loading
OpenClaw: Marketplace Plugin Download Follows Redirects Without SSRF Protection Moderate
CVE-2026-41297 was published for openclaw (npm) Apr 7, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: Tlon media downloads can bypass core safety limits and exhaust disk Moderate
GHSA-4g5x-2jfc-xm98 was published for openclaw (npm) Apr 7, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: `/phone arm`/`/phone disarm` Bypasses `operator.admin` Scope Check for External Channels Moderate
GHSA-h2v7-xc88-xx8c was published for openclaw (npm) Apr 7, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: Telegram audio preflight transcription enables resource consumption by unauthorized senders Moderate
CVE-2026-41331 was published for openclaw (npm) Apr 3, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: Paired node escalates to gateway RCE via unrestricted node.event agent dispatch High
GHSA-gjm7-hw8f-73rq was published for openclaw (npm) Apr 3, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: Sandbox escape via TOCTOU race in remote FS bridge readFile Critical
CVE-2026-41296 was published for openclaw (npm) Apr 3, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: Sandbox file operations use check-then-act, bypassing fd-based TOCTOU defenses Moderate
GHSA-rm5c-4rmf-vvhw was published for openclaw (npm) Apr 3, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: Image pixel-limit guard can fail open on sips and allow decompression-bomb DoS Moderate
GHSA-w85g-3h6x-4xh2 was published for openclaw (npm) Apr 3, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md High
GHSA-xj9w-5r6q-x6v4 was published for openclaw (npm) Apr 3, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding Low
GHSA-37v6-fxx8-xjmx was published for openclaw (npm) Apr 3, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: Host exec environment overrides miss proxy, TLS, Docker, and Git TLS controls Moderate
CVE-2026-41330 was published for openclaw (npm) Apr 3, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw runs Discord audio preflight transcription before member authorization Moderate
GHSA-hhff-fj5f-qg48 was published for openclaw (npm) Apr 3, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode Moderate
GHSA-mhr7-2xmv-4c4q was published for openclaw (npm) Apr 3, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion Moderate
GHSA-p464-m8x6-vhv8 was published for openclaw (npm) Apr 3, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: Media download follows cross-origin redirects with Authorization headers intact Moderate
GHSA-68v4-hmwv-f43h was published for openclaw (npm) Apr 3, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal High
GHSA-cwf8-44x6-32c2 was published for openclaw (npm) Apr 3, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host Moderate
GHSA-fv94-qvg8-xqpw was published for openclaw (npm) Apr 2, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: SSH-based sandbox backends pass unsanitized process.env to child processes Moderate
GHSA-j9pv-rrcj-6pfx was published for openclaw (npm) Apr 2, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API Low
GHSA-chfm-xgc4-47rj was published for openclaw (npm) Apr 2, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: Matrix thread root and reply context bypass sender allowlist Low
GHSA-rg8m-3943-vm6q was published for openclaw (npm) Apr 2, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: Feishu thread history and quoted messages bypass sender allowlist Moderate
GHSA-877v-w3f5-3pcq was published for openclaw (npm) Apr 2, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: Heartbeat context inheritance bypasses sandbox via senderIsOwner escalation Critical
CVE-2026-41329 was published for openclaw (npm) Apr 2, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw affected by SSRF via unguarded image download in fal provider Low
CVE-2026-34504 was published for openclaw (npm) Apr 1, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: Google Chat and Zalouser group sender allowlist bypass via policy downgrade Moderate
CVE-2026-33578 was published for openclaw (npm) Apr 1, 2026
AntAISecurityLab Credited to AntAISecurityLab
OpenClaw: node.pair.approve missing callerScopes validation allows low-privilege operator to approve malicious nodes Moderate
CVE-2026-33577 was published for openclaw (npm) Apr 1, 2026
AntAISecurityLab Credited to AntAISecurityLab
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database