GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
28,430 advisories
OpenClaw: Gateway /tools/invoke tool escalation + ACP permission auto-approval
High
GHSA-943q-mwmv-hhvh
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway
Critical
CVE-2026-28466
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw vulnerable to path traversal (Zip Slip) in archive extraction during explicit installation commands
Moderate
CVE-2026-28486
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw's sandbox skill mirroring path traversal vulnerability could write outside the sandbox workspace
Moderate
CVE-2026-28457
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw has non-constant-time token comparison in hooks authentication
High
CVE-2026-28464
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw: Config writes could persist resolved ${VAR} secrets to disk
Moderate
CVE-2026-28475
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw has Zip Slip path traversal in tar archive extraction
High
CVE-2026-28453
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw gateway agents.files symlink escape allowed out-of-workspace file read/write
Critical
CVE-2026-32013
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows
Low
CVE-2026-32058
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure
High
CVE-2026-32062
was published
for
@openclaw/voice-call
(npm)
Mar 2, 2026
OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels
High
CVE-2026-32049
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw Canvas Path Traversal Information Disclosure Vulnerability
High
GHSA-jq4x-98m3-ggq6
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw's exec allow-always can be bypassed via unrecognized multiplexer shell wrappers (busybox/toybox sh -c)
Moderate
CVE-2026-22175
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw: Node exec approvals could be replayed across nodes
Moderate
GHSA-6x2m-hqfw-hvpj
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution
Moderate
CVE-2026-29607
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read
Low
CVE-2026-32020
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw has browser trace/download path symlink escape in temp output handling
Moderate
CVE-2026-32054
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains
Low
CVE-2026-31993
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments
High
CVE-2026-22168
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage
Low
CVE-2026-31991
was published
for
openclaw
(npm)
Mar 2, 2026
`melange update-cache` has unbounded HTTP download that can exhaust disk in CI
Moderate
CVE-2026-29049
was published
for
chainguard.dev/melange
(Go)
Mar 2, 2026
pypdf vulnerable to inefficient decoding of ASCIIHexDecode streams
Moderate
CVE-2026-28804
was published
for
pypdf
(pip)
Mar 2, 2026
OpenClaw: system.run approvals did not bind PATH-token executable identity, enabling post-approval executable rebind
High
CVE-2026-31997
was published
for
openclaw
(npm)
Mar 2, 2026
ProTip!
Advisories are also available from the
GraphQL API