Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Loading
OpenClaw: Paired nodes could forge exec lifecycle events without system.run provenance High
CVE-2026-53816 was published for openclaw (npm) Jul 2, 2026
cantinagen Credited to cantinagen and Ellahinator Ellahinator Ellahinator
OpenClaw's POSIX node system.run safe-bin allowlist could be widened by shell expansion High
GHSA-mhq8-78pj-5j79 was published for openclaw (npm) Jul 2, 2026
cantinagen Credited to cantinagen and Ellahinator Ellahinator Ellahinator
OpenClaw: Hook-triggered CLI runs could receive owner MCP tool authority High
CVE-2026-53814 was published for openclaw (npm) Jul 2, 2026
cantinagen Credited to cantinagen and Ellahinator Ellahinator Ellahinator
OpenClaw: Same-host trusted-proxy deployments could accept local forged identity headers High
GHSA-rggc-m335-3wvj was published for openclaw (npm) Jul 2, 2026
cantinagen Credited to cantinagen and Ellahinator Ellahinator Ellahinator
OpenClaw's marketplace runtime extension metadata could point at unscanned payloads High
CVE-2026-53810 was published for openclaw (npm) Jul 2, 2026
cantinagen Credited to cantinagen and Ellahinator Ellahinator Ellahinator
OpenClaw's browser act interactions could bypass private-network navigation checks Moderate
CVE-2026-53812 was published for openclaw (npm) Jul 2, 2026
cantinagen Credited to cantinagen and Ellahinator Ellahinator Ellahinator
OpenClaw: Bundle MCP loopback could miss its exec denylist on session spawn Moderate
GHSA-qh2f-99mv-mrcf was published for openclaw (npm) Jul 2, 2026
cantinagen Credited to cantinagen and Ellahinator Ellahinator Ellahinator
OpenClaw: Exec approval display truncation could hide the command being approved High
GHSA-xww8-gqvh-92x9 was published for openclaw (npm) Jul 2, 2026
cantinagen Credited to cantinagen and Ellahinator Ellahinator Ellahinator
OpenClaw: Shell positional parameters could weaken strict inline-eval checks High
CVE-2026-53855 was published for openclaw (npm) Jun 18, 2026
cantinagen Credited to cantinagen and Ellahinator Ellahinator Ellahinator
OpenClaw: Pairing-scoped device session could restore revoked node token authority High
CVE-2026-53843 was published for openclaw (npm) Jun 18, 2026
cantinagen Credited to cantinagen and Ellahinator Ellahinator Ellahinator
ProTip! Advisories are also available from the GraphQL API