GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
9 advisories
OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
High
CVE-2026-26317
was published
for
clawdbot
(npm)
Feb 18, 2026
OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities
Moderate
CVE-2026-26328
was published
for
clawdbot
(npm)
Feb 18, 2026
OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting
High
GHSA-rq6g-px6m-c248
was published
for
clawdbot
(npm)
Feb 18, 2026
OpenClaw Telegram allowlist authorization accepted mutable usernames
Moderate
GHSA-mj5r-hh7j-4gxf
was published
for
clawdbot
(npm)
Feb 18, 2026
OpenClaw affected by denial of service via unbounded webhook request body buffering
High
GHSA-q447-rj3r-2cgh
was published
for
clawdbot
(npm)
Feb 18, 2026
OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR)
Moderate
GHSA-h89v-j3x9-8wqj
was published
for
clawdbot
(npm)
Feb 18, 2026
OpenClaw: denial of service through large base64 media files allocating large buffers before limit checks
Moderate
GHSA-w2cg-vxx6-5xjg
was published
for
clawdbot
(npm)
Feb 18, 2026
OpenClaw affected by denial of service via unbounded URL-backed media fetch
High
GHSA-j27p-hq53-9wgc
was published
for
openclaw
(npm)
Feb 18, 2026
OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch
Low
GHSA-chm2-m3w2-wcxm
was published
for
clawdbot
(npm)
Feb 17, 2026
ProTip!
Advisories are also available from the
GraphQL API