Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9 advisories

Loading
OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks Low
GHSA-j4c5-89f5-f3pm was published for openclaw (npm) Apr 25, 2026
nicky-cc Credited to nicky-cc
OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets Moderate
CVE-2026-43576 was published for openclaw (npm) Apr 17, 2026
nicky-cc Credited to nicky-cc
OpenClaw: Browser tabs action select and close routes bypassed SSRF policy Moderate
CVE-2026-42439 was published for openclaw (npm) Apr 17, 2026
nicky-cc Credited to nicky-cc
nicky-cc Credited to nicky-cc
OpenClaw `node.invoke(browser.proxy)` bypasses `browser.request` persistent profile-mutation guard Moderate
CVE-2026-42431 was published for openclaw (npm) Apr 9, 2026
nicky-cc Credited to nicky-cc
nicky-cc Credited to nicky-cc
OpenClaw SSRF guard misses four IPv6 special-use ranges Low
GHSA-g86v-f9qv-rh6m was published for openclaw (npm) Mar 31, 2026
nicky-cc Credited to nicky-cc
nicky-cc Credited to nicky-cc
OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure High
GHSA-jccr-rrw2-vc8h was published for openclaw (npm) Mar 31, 2026
nicky-cc Credited to nicky-cc
ProTip! Advisories are also available from the GraphQL API