Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

Loading
OpenClaw: Mattermost slash token revocation could lag until monitor refresh Moderate
GHSA-4m3v-q747-pc6h was published for openclaw (npm) Jul 2, 2026
feynman-hou Credited to feynman-hou
OpenClaw: Slack and Zalo webhook secrets could remain active after secrets.reload Moderate
GHSA-275c-xpvc-jgfw was published for openclaw (npm) Jul 2, 2026
feynman-hou Credited to feynman-hou
OpenClaw: Fake package roots could influence memory-core artifact loading High
CVE-2026-53813 was published for openclaw (npm) Jul 2, 2026
feynman-hou Credited to feynman-hou
OpenClaw: Workspace .env could override Homebrew executable selection for skill install flows High
CVE-2026-53819 was published for openclaw (npm) Jul 2, 2026
feynman-hou Credited to feynman-hou
OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots High
CVE-2026-53858 was published for openclaw (npm) Jun 18, 2026
feynman-hou Credited to feynman-hou
OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install High
CVE-2026-53846 was published for openclaw (npm) Jun 18, 2026
feynman-hou Credited to feynman-hou
OpenClaw: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution High
CVE-2026-53842 was published for openclaw (npm) Jun 18, 2026
feynman-hou Credited to feynman-hou
OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload Moderate
CVE-2026-45005 was published for openclaw (npm) May 5, 2026
feynman-hou Credited to feynman-hou
ProTip! Advisories are also available from the GraphQL API