Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

Loading
OpenClaw: Non-owner chat senders could issue device-pairing bootstrap codes High
GHSA-xr4f-mjxj-w6w5 was published for openclaw (npm) Jul 2, 2026
Kherrisan Credited to Kherrisan
OpenClaw: Browser debug/export routes could reuse already-open blocked tabs Moderate
GHSA-hcm3-8f6r-6xwg was published for openclaw (npm) Jul 2, 2026
Kherrisan Credited to Kherrisan
OpenClaw: QQBot admin commands could skip DM-only and allowFrom policy Critical
GHSA-w4v6-g3wm-w36c was published for openclaw (npm) Jul 2, 2026
Kherrisan Credited to Kherrisan
OpenClaw's Slack plugin approvals used the exec approver gate for plugin actions Moderate
GHSA-wv26-j37q-2g7p was published for openclaw (npm) Jul 2, 2026
Kherrisan Credited to Kherrisan
OpenClaw: Scoped chat.send route inheritance could bypass admin command scope gates High
GHSA-hw9r-h9mr-4jff was published for openclaw (npm) Jul 2, 2026
Kherrisan Credited to Kherrisan
OpenClaw: QQBot native approval buttons did not enforce configured approver identity High
CVE-2026-35630 was published for openclaw (npm) Jul 2, 2026
Kherrisan Credited to Kherrisan
OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization Low
CVE-2026-41908 was published for openclaw (npm) Apr 25, 2026
Kherrisan Credited to Kherrisan
OpenClaw: Webchat media embedding enforces local-root containment for tool-result files Moderate
CVE-2026-41389 was published for openclaw (npm) Apr 17, 2026
Kherrisan Credited to Kherrisan
ProTip! Advisories are also available from the GraphQL API