GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem: All reviewed 5,000+; Composer 5,000+; Erlang 49; GitHub Actions 49; Go 3,406; Maven 5,000+; npm 5,000+; NuGet 882; pip 4,641; Pub 13; RubyGems 1,026; Rust 1,209; Swift 53.
Unreviewed advisories: All unreviewed 5,000+.
28,408 advisories
CVE-2026-32043 (Moderate): OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host. Published for openclaw (npm), Mar 3, 2026.
CVE-2026-32064 (High): OpenClaw's sandbox browser noVNC observer lacked VNC authentication. Published for openclaw (npm), Mar 3, 2026.
CVE-2026-32027 (High): OpenClaw DM pairing-store identities could satisfy group allowlist authorization. Published for openclaw (npm), Mar 3, 2026.
CVE-2026-32023 (Moderate): OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode. Published for openclaw (npm), Mar 3, 2026.
CVE-2026-32053 (Moderate): OpenClaw's voice-call Twilio webhook replay could bypass manager dedupe because normalized event IDs were randomized per parse. Published for openclaw (npm), Mar 3, 2026.
CVE-2026-32022 (Moderate): OpenClaw safeBins grep -e File Read Bypass (stdin-only policy bypass). Published for openclaw (npm), Mar 3, 2026.
GHSA-h656-5vcf-cm23 (Moderate): OpenClaw: Unauthorized Telegram Senders Trigger Media Download and Disk Write Before Access Check. Published for openclaw (npm), Mar 3, 2026.
GHSA-9f72-qcpw-2hxc (High): OpenClaw: Native prompt image auto-load did not honor tools.fs.workspaceOnly in sandboxed runs. Published for openclaw (npm), Mar 3, 2026.
CVE-2026-22169 (Moderate): OpenClaw's non-default safeBins sort configuration can bypass intended allowlist approval constraints. Published for openclaw (npm), Mar 3, 2026.
CVE-2026-32036 (High): OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths. Published for openclaw (npm), Mar 3, 2026.
CVE-2026-32045 (Moderate): OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes. Published for openclaw (npm), Mar 3, 2026.
CVE-2026-22171 (Moderate): OpenClaw vulnerable to path traversal in Feishu media temp-file naming allows writes outside os.tmpdir(). Published for openclaw (npm), Mar 3, 2026.
CVE-2025-15599 (Moderate): DOMPurify contains a Cross-site Scripting vulnerability. Published for dompurify (npm), Mar 3, 2026.
CVE-2026-0540 (Moderate): DOMPurify contains a Cross-site Scripting vulnerability. Published for dompurify (npm), Mar 3, 2026.
CVE-2026-32040 (Low): OpenClaw Vulnerable to HTML injection via unvalidated image MIME type in data-URL interpolation. Published for openclaw (npm), Mar 3, 2026.
CVE-2026-32026 (Moderate): Temporary path handling could write outside OpenClaw temp boundary. Published for openclaw (npm), Mar 3, 2026.
CVE-2026-32046 (Moderate): OpenClaw: Chrome --no-sandbox disabled OS-level browser sandbox in sandbox browser container. Published for openclaw (npm), Mar 3, 2026.
CVE-2026-32037 (High): OpenClaw's MSTeams attachment redirect handling could bypass configured media host allowlists. Published for openclaw (npm), Mar 3, 2026.
CVE-2026-28393 (High): OpenClaw's hook transform module path allows traversal and arbitrary JavaScript module loading. Published for openclaw (npm), Mar 3, 2026.
CVE-2026-32000 (High): OpenClaw has command injection via Windows shell fallback in Lobster tool execution. Published for openclaw (npm), Mar 3, 2026.
GHSA-qj22-xqjr-v83v (High): OpenClaw's Telegram message_reaction authorization bypass allows unauthorized system-event injection. Published for openclaw (npm), Mar 3, 2026.
CVE-2026-31992 (Moderate): OpenClaw has allowlist exec-guard bypass via env -S. Published for openclaw (npm), Mar 3, 2026.
CVE-2026-28223 (Moderate): Wagtail Vulnerable to Cross-site Scripting in simple_translation admin interface. Published for wagtail (pip), Mar 3, 2026.
CVE-2026-28222 (Moderate): Wagtail Vulnerable to Cross-site Scripting in TableBlock class attributes. Published for wagtail (pip), Mar 3, 2026.
CVE-2026-27905 (High): BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction. Published for bentoml (pip), Mar 3, 2026.