GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

OpenClaw affected by SSRF in Image Tool Remote Fetch (severity: High)
GHSA-56f2-hvwg-5743 was published for openclaw (npm) Feb 17, 2026
Credited to p80n-sec
OpenClaw is Missing Webhook Authentication in Telnyx Provider Allows Unauthenticated Requests (severity: High)
CVE-2026-26319 was published for openclaw (npm) Feb 17, 2026
Credited to p80n-sec
OpenClaw Gateway tool allowed unrestricted gatewayUrl override (severity: High)
CVE-2026-26322 was published for openclaw (npm) Feb 17, 2026
Credited to p80n-sec
OpenClaw has a path traversal in browser upload allows local file read (severity: High)
CVE-2026-26329 was published for openclaw (npm) Feb 18, 2026
Credited to p80n-sec
Koa has Host Header Injection via ctx.hostname (severity: High)
CVE-2026-27959 was published for koa (npm) Feb 26, 2026
Credited to p80n-sec
OpenClaw Twilio voice-call webhook auth bypass when ngrok loopback compatibility is enabled (severity: Moderate)
CVE-2026-29606 was published for openclaw (npm) Feb 18, 2026
Credited to p80n-sec
OpenClaw has a path traversal in apply_patch could write/delete files outside the workspace (severity: High)
CVE-2026-32060 was published for openclaw (npm) Feb 19, 2026
Credited to p80n-sec
@nocobase/plugin-collection-sql: SQL Validation Bypass Through Missing `checkSQL` Call (severity: High)
CVE-2026-41641 was published for @nocobase/plugin-collection-sql (npm) Apr 22, 2026
Credited to p80n-sec
@nocobase/database has SQL Injection via String Concatenation through Recursive Eager Loading (severity: High)
CVE-2026-41640 was published for @nocobase/database (npm) Apr 22, 2026
Credited to p80n-sec
OpenClaw affected by SSRF in optional Tlon (Urbit) extension authentication (severity: Moderate)
CVE-2026-28476 was published for openclaw (npm) Feb 18, 2026
Credited to p80n-sec