clawdbot vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

CVE-ID               | Severity | Package summary
CVE-2026-28480       | Medium   | openclaw: OpenClaw Telegram allowlist authorization accepted mutable usernames
CVE-2026-28469       | High     | openclaw: OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context…
CVE-2026-26317       | High     | openclaw: OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
CVE-2026-28478       | High     | openclaw: OpenClaw affected by denial of service via unbounded webhook request body buffering
CVE-2026-28452       | Medium   | openclaw: OpenClaw affected by denial of service through unguarded archive extraction allowing high…
CVE-2026-29612       | Medium   | openclaw: OpenClaw: denial of service through large base64 media files allocating large buffers before limit…
CVE-2026-26328       | Medium   | openclaw: OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities
GHSA-CHM2-M3W2-WCXM  | Low      | openclaw: OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite…
CVE-2026-25157       | High     | clawdbot: OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand
CVE-2026-25253       | High     | clawdbot: OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl
CVE-2026-24763       | High     | clawdbot: OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable

Stop the waste.
Protect your environment with Kodem.