Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5 advisories

Loading
OpenClaw: Sandboxed session spawn could expose the real workspace path to child prompts Moderate
GHSA-6c4r-g249-wv3c was published for openclaw (npm) Jul 2, 2026
anshumanbh Credited to anshumanbh
OpenClaw: message.action forwarding could send Gateway credentials to model-supplied loopback URLs Moderate
GHSA-grc3-2j34-p6gm was published for openclaw (npm) Jul 2, 2026
anshumanbh Credited to anshumanbh
OpenClaw: QQBot streaming command could mutate config without explicit allowFrom High
GHSA-jvm4-4j77-39p6 was published for openclaw (npm) Jul 2, 2026
anshumanbh Credited to anshumanbh
OpenClaw: Empty approver lists could grant explicit approval authorization Moderate
CVE-2026-43574 was published for openclaw (npm) Apr 17, 2026
anshumanbh Credited to anshumanbh
Prevent XSS from Confidant API call Moderate
CVE-2024-45793 was published for confidant (pip) Sep 20, 2024
whu-lyft Credited to whu-lyft, meng-han, alejandroroiz, achantavy, heryxpc, anshumanbh, bstewart-lyft, and reindaelman meng-han meng-han
alejandroroiz alejandroroiz achantavy achantavy heryxpc heryxpc anshumanbh anshumanbh bstewart-lyft bstewart-lyft reindaelman reindaelman
ProTip! Advisories are also available from the GraphQL API