GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
2,143 advisories
OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets
Moderate
GHSA-f7fh-qg34-x2xh
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage
Moderate
GHSA-536q-mj95-h29h
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement
Moderate
GHSA-527m-976r-jf79
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Browser tabs action select and close routes bypassed SSRF policy
Moderate
GHSA-rj2p-j66c-mgqh
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Browser SSRF policy default allowed private-network navigation
Moderate
GHSA-53vx-pmqw-863c
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding
Moderate
GHSA-xq94-r468-qwgj
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes
Moderate
GHSA-2767-2q9v-9326
was published
for
openclaw
(npm)
Apr 17, 2026
OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation
Moderate
GHSA-c4qm-58hj-j6pj
was published
for
openclaw
(npm)
Apr 17, 2026
langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding
Low
GHSA-r7w7-9xr2-qq2r
was published
for
langchain-openai
(pip)
Apr 16, 2026
ProTip!
Advisories are also available from the
GraphQL API