GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
69 advisories
OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes
High
GHSA-cwj3-vqpp-pmxr
was published
for
openclaw
(npm)
May 5, 2026
OpenClaw's Gateway Control UI bootstrap config required Gateway auth
Moderate
GHSA-93rg-2xm5-2p9v
was published
for
openclaw
(npm)
May 4, 2026
OpenClaw's ACP child sessions inherit subagent security envelope constraints
Moderate
GHSA-q3jj-46pq-826r
was published
for
openclaw
(npm)
May 4, 2026
OpenClaw: Webchat audio embedding could read local files without local-root containment
Moderate
GHSA-gfg9-5357-hv4c
was published
for
openclaw
(npm)
Apr 29, 2026
OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners
Moderate
GHSA-c28g-vh7m-fm7v
was published
for
openclaw
(npm)
Apr 29, 2026
OpenClaw: Agent gateway config mutations could change protected operator settings
Moderate
GHSA-7jm2-g593-4qrc
was published
for
openclaw
(npm)
Apr 25, 2026
OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy
Moderate
GHSA-qrp5-gfw2-gxv4
was published
for
openclaw
(npm)
Apr 25, 2026
OpenClaw: Isolated cron awareness events were recorded as trusted system events
Low
GHSA-57r2-h2wj-g887
was published
for
openclaw
(npm)
Apr 25, 2026
OpenClaw: Feishu card actions could misclassify DMs and skip dmPolicy
Moderate
GHSA-72q8-jcmc-97wx
was published
for
openclaw
(npm)
Apr 25, 2026
OpenClaw: Hook mapping templates could bypass hook session-key opt-in
Moderate
GHSA-2xcp-x87w-q377
was published
for
openclaw
(npm)
Apr 25, 2026
OpenClaw: QMD memory_get restricts reads to canonical or indexed memory paths
Moderate
GHSA-f934-5rqf-xx47
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Matrix room control-command authorization no longer trusts DM pairing-store entries
High
GHSA-2gvc-4f3c-2855
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation
High
GHSA-xmxx-7p24-h892
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Sandboxed agents could escape exec routing via host=node override
High
CVE-2026-42434
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage
Moderate
GHSA-536q-mj95-h29h
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement
Moderate
CVE-2026-43573
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows
High
CVE-2026-43571
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Workspace .env could inject OpenClaw runtime-control variables
Moderate
CVE-2026-43531
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input
Moderate
CVE-2026-43534
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Microsoft Teams SSO invoke handler missed sender authorization checks
Low
CVE-2026-43572
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay
Low
GHSA-r77c-2cmr-7p47
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Heartbeat owner downgrade missed local async exec completion events
Moderate
GHSA-g375-h3v6-4873
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Heartbeat owner downgrade missed untrusted webhook wake events
Moderate
CVE-2026-43566
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation
Moderate
CVE-2026-42436
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: config.get redaction bypass through sourceConfig and runtimeConfig aliases
High
CVE-2026-43528
was published
for
openclaw
(npm)
Apr 17, 2026
ProTip!
Advisories are also available from the
GraphQL API