GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
OpenClaw: system.run allow-always persistence included shell-commented payload tails
Moderate
GHSA-9q2p-vc84-2rwm
was published
for
openclaw
(npm)
Mar 9, 2026
OpenClaw has exec allowlist/safeBins policy-runtime mismatch via env -S wrapper interpretation
Moderate
GHSA-796m-2973-wc5q
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text
Moderate
CVE-2026-32052
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: system.run approval identity mismatch could execute a different binary than displayed
Moderate
CVE-2026-32065
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw: Unicode canonicalization drift in node metadata policy classification could broaden node allowlists
Moderate
GHSA-392f-ggf5-fp3c
was published
for
openclaw
(npm)
Mar 2, 2026
Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict
Moderate
CVE-2025-13033
was published
for
nodemailer
(npm)
Oct 7, 2025
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Moderate
CVE-2023-30541
was published
for
@openzeppelin/contracts
(npm)
Apr 17, 2023
Misinterpretation of malicious XML input
Moderate
CVE-2021-21366
was published
for
xmldom
(npm)
Mar 12, 2021
ProTip!
Advisories are also available from the
GraphQL API