GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
19 advisories
OpenClaw: GIT_DIR and related git plumbing env vars missing from exec env denylist (GHSA-m866-6qv5-p2fg variant)
Low
GHSA-cm8v-2vh9-cxf3
was published
for
openclaw
(npm)
Apr 9, 2026
OpenClaw's tools.exec.safeBins generic fallback allowed interpreter-style inline payload execution in allowlist mode
Low
GHSA-8mf7-vv8w-hjr2
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags
Low
CVE-2026-31996
was published
for
openclaw
(npm)
Feb 19, 2026
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`
Low
CVE-2024-52587
was published
for
step-security/harden-runner
(GitHub Actions)
Nov 18, 2024
ProTip!
Advisories are also available from the
GraphQL API