GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem: All reviewed 5,000+; Composer 5,000+; Erlang 44; GitHub Actions 46; Go 3,272; Maven 5,000+; npm 5,000+; NuGet 867; pip 4,521; Pub 12; RubyGems 1,007; Rust 1,194; Swift 51.
Unreviewed advisories: All unreviewed 5,000+.
27,583 advisories in this listing.
Severity | Identifier | Package (ecosystem) | Published | Advisory
High | GHSA-6rcp-vxwf-3mfp | openclaw (npm) | Mar 3, 2026 | OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text
High | GHSA-mwcg-wfq3-4gjc | openclaw (npm) | Mar 3, 2026 | OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host
Moderate | GHSA-25gx-x37c-7pph | openclaw (npm) | Mar 3, 2026 | OpenClaw's sandbox browser noVNC observer lacked VNC authentication
Moderate | CVE-2026-32027 | openclaw (npm) | Mar 3, 2026 | OpenClaw DM pairing-store identities could satisfy group allowlist authorization
Moderate | CVE-2026-32023 | openclaw (npm) | Mar 3, 2026 | OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode
Moderate | GHSA-vqx8-9xxw-f2m7 | openclaw (npm) | Mar 3, 2026 | OpenClaw's voice-call Twilio webhook replay could bypass manager dedupe because normalized event IDs were randomized per parse
Moderate | CVE-2026-32022 | openclaw (npm) | Mar 3, 2026 | OpenClaw safeBins grep -e file read bypass (stdin-only policy bypass)
Moderate | GHSA-h656-5vcf-cm23 | openclaw (npm) | Mar 3, 2026 | OpenClaw: unauthorized Telegram senders trigger media download and disk write before access check
High | GHSA-9f72-qcpw-2hxc | openclaw (npm) | Mar 3, 2026 | OpenClaw: native prompt image auto-load did not honor tools.fs.workspaceOnly in sandboxed runs
Moderate | CVE-2026-22169 | openclaw (npm) | Mar 3, 2026 | OpenClaw's non-default safeBins sort configuration can bypass intended allowlist approval constraints
High | CVE-2026-32036 | openclaw (npm) | Mar 3, 2026 | OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths
Moderate | GHSA-hff7-ccv5-52f8 | openclaw (npm) | Mar 3, 2026 | OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes
Moderate | CVE-2026-22171 | openclaw (npm) | Mar 3, 2026 | OpenClaw vulnerable to path traversal in Feishu media temp-file naming, allowing writes outside os.tmpdir()
Moderate | CVE-2025-15599 | dompurify (npm) | Mar 3, 2026 | DOMPurify contains a Cross-site Scripting vulnerability
Moderate | CVE-2026-0540 | dompurify (npm) | Mar 3, 2026 | DOMPurify contains a Cross-site Scripting vulnerability
Moderate | CVE-2026-32040 | openclaw (npm) | Mar 3, 2026 | OpenClaw vulnerable to HTML injection via unvalidated image MIME type in data-URL interpolation
Moderate | CVE-2026-32026 | openclaw (npm) | Mar 3, 2026 | Temporary path handling could write outside OpenClaw temp boundary
Moderate | GHSA-43x4-g22p-3hrq | openclaw (npm) | Mar 3, 2026 | OpenClaw: Chrome --no-sandbox disabled OS-level browser sandbox in sandbox browser container
High | CVE-2026-32037 | openclaw (npm) | Mar 3, 2026 | OpenClaw's MSTeams attachment redirect handling could bypass configured media host allowlists
High | CVE-2026-28393 | openclaw (npm) | Mar 3, 2026 | OpenClaw's hook transform module path allows traversal and arbitrary JavaScript module loading
High | CVE-2026-32000 | openclaw (npm) | Mar 3, 2026 | OpenClaw has command injection via Windows shell fallback in Lobster tool execution
High | GHSA-qj22-xqjr-v83v | openclaw (npm) | Mar 3, 2026 | OpenClaw's Telegram message_reaction authorization bypass allows unauthorized system-event injection
Moderate | CVE-2026-31992 | openclaw (npm) | Mar 3, 2026 | OpenClaw has allowlist exec-guard bypass via env -S
Moderate | CVE-2026-28223 | wagtail (pip) | Mar 3, 2026 | Wagtail vulnerable to Cross-site Scripting in simple_translation admin interface
Moderate | CVE-2026-28222 | wagtail (pip) | Mar 3, 2026 | Wagtail vulnerable to Cross-site Scripting in TableBlock class attributes
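The CVE-2026-32036 entry above names a recurring bypass class: an auth guard matches a protected prefix against the raw request path, while the router dispatches on the percent-decoded, dot-segment-resolved path, so a request such as /api/plugins/%2e%2e/channels/... reaches the protected handler without passing the guard. The JavaScript below is an added, generic illustration of that class and of the fix (normalize before the check, compare on a segment boundary). It is not OpenClaw's code, and the /api/plugins path shape, the handler names and the dispatcher are assumptions made for the example.

```javascript
// Added generic illustration (not OpenClaw's code) of an encoded dot-segment
// traversal past a prefix-based auth guard. PROTECTED_PREFIX, the "/api/plugins"
// path shape and the handler names are assumptions for this example.
const PROTECTED_PREFIX = "/api/channels";

// Percent-decode each segment and apply RFC 3986 remove_dot_segments, which is
// roughly what a router that matches on the resolved path ends up doing.
function normalizePath(rawPath) {
  const pathOnly = rawPath.split("?")[0];
  const segments = [];
  for (const seg of pathOnly.split("/")) {
    let decoded;
    try {
      decoded = decodeURIComponent(seg);
    } catch {
      decoded = seg; // malformed escape: keep the segment as-is rather than throw
    }
    if (decoded === "" || decoded === ".") continue;
    if (decoded === "..") {
      segments.pop();
      continue;
    }
    segments.push(decoded);
  }
  return "/" + segments.join("/");
}

// Prefix match on a segment boundary, so "/api/channelsX" is not under "/api/channels".
function underPrefix(path, prefix) {
  return path === prefix || path.startsWith(prefix + "/");
}

// Vulnerable guard: compares the raw path, so "/api/plugins/%2e%2e/channels/list"
// is not recognised as protected even though it resolves to "/api/channels/list".
function vulnerableRequiresAuth(rawPath) {
  return rawPath.startsWith(PROTECTED_PREFIX);
}

// Hardened guard: normalize first, then compare on a segment boundary.
function hardenedRequiresAuth(rawPath) {
  return underPrefix(normalizePath(rawPath), PROTECTED_PREFIX);
}

// Minimal dispatcher: run the guard, then route on the normalized path.
// Returns "401", "channels-handler" or "404".
function dispatch(rawPath, requiresAuth, authenticated) {
  if (requiresAuth(rawPath) && !authenticated) return "401";
  const path = normalizePath(rawPath);
  if (underPrefix(path, PROTECTED_PREFIX)) return "channels-handler";
  return "404";
}

// Constructed requests for the demo; the second is the traversal variant.
const REQUESTS = ["/api/channels/list", "/api/plugins/%2e%2e/channels/list"];

// For each constructed request, show what the vulnerable and hardened guards
// do for an unauthenticated caller.
function runDemo() {
  const results = {};
  for (const raw of REQUESTS) {
    results[raw] = {
      normalized: normalizePath(raw),
      vulnerable: dispatch(raw, vulnerableRequiresAuth, false),
      hardened: dispatch(raw, hardenedRequiresAuth, false),
    };
  }
  return results;
}

console.log(JSON.stringify(runDemo(), null, 2));
```

Run it with node; the traversal request lands on channels-handler under the vulnerable guard and gets 401 under the hardened one. The general rule this illustrates is that every authorization decision must be made on exactly the canonical path the router uses, and a gateway that wants defence in depth can additionally reject any request whose decoded path differs from its raw path.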
Advisories are also available from the GraphQL API.