Security: openclaw/openclaw
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
OpenAI-compatible HTTP model overrides could miss admin authorizationGHSA-jhfx-v2j8-x3m6 published
Jun 30, 2026 by joshavantHigh -
Feishu tools could ignore per-account disablementGHSA-2q7j-2vhx-56g8 published
Jun 30, 2026 by joshavantHigh -
Feishu permission tools could ignore per-account disablementGHSA-w8wf-3qvj-6xqf published
Jun 30, 2026 by joshavantHigh -
OpenShell mirror sync could follow remote symlink parentsGHSA-m38g-vpwj-mpg9 published
Jun 30, 2026 by joshavantHigh -
flock wrapper could bypass durable exec approval bindingGHSA-3fp5-v549-9v66 published
Jun 30, 2026 by joshavantHigh -
Message mutations could skip requester authorizationGHSA-v7hx-r36p-f68m published
Jun 30, 2026 by joshavantHigh -
Discord guild actions could skip cross-provider requester authorizationGHSA-3pmr-x9g8-m55r published
Jun 30, 2026 by joshavantHigh -
Plugin install wrappers could skip install policyGHSA-wgq8-x5wm-g4rw published
Jun 30, 2026 by joshavantModerate -
Plugin install commands could allow non-owner persistenceGHSA-7vrr-rp4x-4g76 published
Jun 30, 2026 by joshavantHigh -
MCP loopback could expose owner-only tools to non-owner runsGHSA-52xj-c9p8-78cv published
Jun 30, 2026 by joshavantHigh