GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem: all reviewed 5,000+; Composer 5,000+; Erlang 49; GitHub Actions 49; Go 3,436; Maven 5,000+; npm 5,000+; NuGet 883; pip 4,694; Pub 13; RubyGems 1,029; Rust 1,212; Swift 53. Unreviewed advisories: 5,000+.

28,615 advisories, newest first:
Advisory | Severity | Package | Published | Title
CVE-2026-32016 | Moderate | openclaw (npm) | Mar 3, 2026 | OpenClaw: macOS optional allowlist basename matching could bypass path-based policy
CVE-2026-32003 | High | openclaw (npm) | Mar 3, 2026 | OpenClaw has system.run shell-wrapper env injection via SHELLOPTS/PS4 can bypass allowlist intent (RCE)
CVE-2026-32014 | High | openclaw (npm) | Mar 3, 2026 | OpenClaw: Node reconnect metadata spoofing could bypass platform-based node command policy
GHSA-6g25-pc82-vfwp | Moderate | openclaw (npm) | Mar 3, 2026 | OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state
GHSA-5847-rm3g-23mw | Moderate | openclaw (npm) | Mar 3, 2026 | OpenClaw has hook auth rate limiter bypass via IPv4-mapped IPv6 client key variants
CVE-2026-32024 | Moderate | openclaw (npm) | Mar 3, 2026 | OpenClaw's avatar symlink traversal can expose out-of-workspace local files
CVE-2026-32038 | Moderate | openclaw (npm) | Mar 2, 2026 | OpenClaw has a sandbox network isolation bypass via docker.network=container:<id>
CVE-2026-27545 | High | openclaw (npm) | Mar 2, 2026 | OpenClaw: Node system.run approval bypass via parent-symlink cwd rebind
CVE-2026-27522 | High | openclaw (npm) | Mar 2, 2026 | OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset
CVE-2026-32065 | Moderate | openclaw (npm) | Mar 2, 2026 | OpenClaw: system.run approval identity mismatch could execute a different binary than displayed
GHSA-943q-mwmv-hhvh | High | openclaw (npm) | Mar 2, 2026 | OpenClaw: Gateway /tools/invoke tool escalation + ACP permission auto-approval
CVE-2026-28466 | Critical | openclaw (npm) | Mar 2, 2026 | OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway
CVE-2026-28486 | Moderate | openclaw (npm) | Mar 2, 2026 | OpenClaw vulnerable to path traversal (Zip Slip) in archive extraction during explicit installation commands
CVE-2026-28457 | Moderate | openclaw (npm) | Mar 2, 2026 | OpenClaw's sandbox skill mirroring path traversal vulnerability could write outside the sandbox workspace
CVE-2026-28464 | High | openclaw (npm) | Mar 2, 2026 | OpenClaw has non-constant-time token comparison in hooks authentication
CVE-2026-28475 | Moderate | openclaw (npm) | Mar 2, 2026 | OpenClaw: Config writes could persist resolved ${VAR} secrets to disk
CVE-2026-28453 | High | openclaw (npm) | Mar 2, 2026 | OpenClaw has Zip Slip path traversal in tar archive extraction
CVE-2026-32013 | Critical | openclaw (npm) | Mar 2, 2026 | OpenClaw gateway agents.files symlink escape allowed out-of-workspace file read/write
CVE-2026-32058 | Low | openclaw (npm) | Mar 2, 2026 | OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows
CVE-2026-32062 | High | @openclaw/voice-call (npm) | Mar 2, 2026 | OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure
CVE-2026-32049 | High | openclaw (npm) | Mar 2, 2026 | OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels
GHSA-jq4x-98m3-ggq6 | High | openclaw (npm) | Mar 2, 2026 | OpenClaw Canvas Path Traversal Information Disclosure Vulnerability
CVE-2026-22175 | Moderate | openclaw (npm) | Mar 2, 2026 | OpenClaw's exec allow-always can be bypassed via unrecognized multiplexer shell wrappers (busybox/toybox sh -c)
GHSA-6x2m-hqfw-hvpj | Moderate | openclaw (npm) | Mar 2, 2026 | OpenClaw: Node exec approvals could be replayed across nodes
CVE-2026-29607 | Moderate | openclaw (npm) | Mar 2, 2026 | OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution
ProTip! Advisories are also available from the GraphQL API.