GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10 advisories
OpenClaw improperly parses X-Forwarded-For behind trusted proxies allows client IP spoofing in security decisions
Moderate
CVE-2026-32029
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw Telegram allowlist authorization accepted mutable usernames
Moderate
CVE-2026-28480
was published
for
clawdbot
(npm)
Feb 18, 2026
OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting
High
CVE-2026-28469
was published
for
clawdbot
(npm)
Feb 18, 2026
OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
High
CVE-2026-26317
was published
for
clawdbot
(npm)
Feb 18, 2026
OpenClaw affected by denial of service via unbounded webhook request body buffering
High
CVE-2026-28478
was published
for
clawdbot
(npm)
Feb 18, 2026
OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR)
Moderate
CVE-2026-28452
was published
for
clawdbot
(npm)
Feb 18, 2026
OpenClaw: denial of service through large base64 media files allocating large buffers before limit checks
Moderate
CVE-2026-29612
was published
for
clawdbot
(npm)
Feb 18, 2026
OpenClaw affected by denial of service via unbounded URL-backed media fetch
High
CVE-2026-29609
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities
Moderate
CVE-2026-26328
was published
for
clawdbot
(npm)
Feb 18, 2026
OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch
Low
GHSA-chm2-m3w2-wcxm
was published
for
clawdbot
(npm)
Feb 17, 2026
ProTip!
Advisories are also available from the
GraphQL API