github
diff --git a/‎advisories/github-reviewed/2026/03/GHSA-cjq8-m7wj-xmq9/GHSA-cjq8-m7wj-xmq9.json‎
Lines changed: 68 additions & 0 deletions b/‎advisories/github-reviewed/2026/03/GHSA-cjq8-m7wj-xmq9/GHSA-cjq8-m7wj-xmq9.json‎
Lines changed: 68 additions & 0 deletions
diff --git a/‎…-cxcw-jm67-3wwp/GHSA-cxcw-jm67-3wwp.json‎ ‎…-cxcw-jm67-3wwp/GHSA-cxcw-jm67-3wwp.json‎advisories/unreviewed/2026/03/GHSA-cxcw-jm67-3wwp/GHSA-cxcw-jm67-3wwp.json renamed to advisories/github-reviewed/2026/03/GHSA-cxcw-jm67-3wwp/GHSA-cxcw-jm67-3wwp.json
Lines changed: 28 additions & 8 deletions b/‎…-cxcw-jm67-3wwp/GHSA-cxcw-jm67-3wwp.json‎ ‎…-cxcw-jm67-3wwp/GHSA-cxcw-jm67-3wwp.json‎advisories/unreviewed/2026/03/GHSA-cxcw-jm67-3wwp/GHSA-cxcw-jm67-3wwp.json renamed to advisories/github-reviewed/2026/03/GHSA-cxcw-jm67-3wwp/GHSA-cxcw-jm67-3wwp.json
Lines changed: 28 additions & 8 deletions
diff --git a/‎…-g839-vp47-wgh8/GHSA-g839-vp47-wgh8.json‎ ‎…-g839-vp47-wgh8/GHSA-g839-vp47-wgh8.json‎advisories/unreviewed/2026/03/GHSA-g839-vp47-wgh8/GHSA-g839-vp47-wgh8.json renamed to advisories/github-reviewed/2026/03/GHSA-g839-vp47-wgh8/GHSA-g839-vp47-wgh8.json
Lines changed: 28 additions & 8 deletions b/‎…-g839-vp47-wgh8/GHSA-g839-vp47-wgh8.json‎ ‎…-g839-vp47-wgh8/GHSA-g839-vp47-wgh8.json‎advisories/unreviewed/2026/03/GHSA-g839-vp47-wgh8/GHSA-g839-vp47-wgh8.json renamed to advisories/github-reviewed/2026/03/GHSA-g839-vp47-wgh8/GHSA-g839-vp47-wgh8.json
Lines changed: 28 additions & 8 deletions
diff --git a/‎advisories/github-reviewed/2026/03/GHSA-mxmg-3p7m-2ghr/GHSA-mxmg-3p7m-2ghr.json‎
Lines changed: 68 additions & 0 deletions b/‎advisories/github-reviewed/2026/03/GHSA-mxmg-3p7m-2ghr/GHSA-mxmg-3p7m-2ghr.json‎
Lines changed: 68 additions & 0 deletions
diff --git a/‎…-rcx4-77x4-hjx5/GHSA-rcx4-77x4-hjx5.json‎ ‎…-rcx4-77x4-hjx5/GHSA-rcx4-77x4-hjx5.json‎advisories/unreviewed/2026/03/GHSA-rcx4-77x4-hjx5/GHSA-rcx4-77x4-hjx5.json renamed to advisories/github-reviewed/2026/03/GHSA-rcx4-77x4-hjx5/GHSA-rcx4-77x4-hjx5.json
Lines changed: 28 additions & 8 deletions b/‎…-rcx4-77x4-hjx5/GHSA-rcx4-77x4-hjx5.json‎ ‎…-rcx4-77x4-hjx5/GHSA-rcx4-77x4-hjx5.json‎advisories/unreviewed/2026/03/GHSA-rcx4-77x4-hjx5/GHSA-rcx4-77x4-hjx5.json renamed to advisories/github-reviewed/2026/03/GHSA-rcx4-77x4-hjx5/GHSA-rcx4-77x4-hjx5.json
Lines changed: 28 additions & 8 deletions
diff --git a/‎advisories/github-reviewed/2026/03/GHSA-rj39-33v7-9xrq/GHSA-rj39-33v7-9xrq.json‎
Lines changed: 68 additions & 0 deletions b/‎advisories/github-reviewed/2026/03/GHSA-rj39-33v7-9xrq/GHSA-rj39-33v7-9xrq.json‎
Lines changed: 68 additions & 0 deletions
@@ -0,0 +1,68 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cjq8-m7wj-xmq9",
+  "modified": "2026-03-24T19:06:31Z",
+  "published": "2026-03-21T03:31:14Z",
+  "withdrawn": "2026-03-24T19:06:31Z",
+  "aliases": [],
+  "summary": "Duplicate Advisory: OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows",
+  "details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-hjvp-qhm6-wrh2. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusing an approval with changed env input, bypassing execution-integrity controls in approval-enabled workflows.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "< 2026.2.26"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hjvp-qhm6-wrh2"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32058"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/10481097f8e6dd0346db9be0b5f27570e1bdfcfa"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-approval-context-binding-weakness-in-system-run-via-host-node"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "LOW",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-24T19:06:31Z",
+    "nvd_published_at": "2026-03-21T01:17:09Z"
+  }
+}
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cxcw-jm67-3wwp",
-  "modified": "2026-03-21T03:31:14Z",
+  "modified": "2026-03-24T19:06:52Z",
   "published": "2026-03-21T03:31:14Z",
-  "aliases": [
-    "CVE-2026-32064"
-  ],
-  "details": "OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect to the exposed noVNC port to observe or interact with the sandbox browser without credentials.",
+  "withdrawn": "2026-03-24T19:06:52Z",
+  "aliases": [],
+  "summary": "Duplicate Advisory: OpenClaw's andbox browser noVNC observer lacked VNC authentication",
+  "details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-25gx-x37c-7pph. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect to the exposed noVNC port to observe or interact with the sandbox browser without credentials.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -17,7 +17,27 @@
       "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "< 2026.2.21"
+      }
+    }
+  ],
   "references": [
     {
       "type": "WEB",
@@ -45,8 +65,8 @@
       "CWE-306"
     ],
     "severity": "HIGH",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-24T19:06:52Z",
     "nvd_published_at": "2026-03-21T01:17:09Z"
   }
 }
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g839-vp47-wgh8",
-  "modified": "2026-03-21T03:31:15Z",
+  "modified": "2026-03-24T19:07:19Z",
   "published": "2026-03-21T03:31:15Z",
-  "aliases": [
-    "CVE-2026-32899"
-  ],
-  "details": "OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction_* and pin_* non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from restricted senders.",
+  "withdrawn": "2026-03-24T19:07:19Z",
+  "aliases": [],
+  "summary": "Duplicate Advisory: OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress",
+  "details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-rm2p-j3r7-4x4j]. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction_* and pin_* non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from restricted senders.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -17,7 +17,27 @@
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "2026.2.24"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "WEB",
@@ -45,8 +65,8 @@
       "CWE-863"
     ],
     "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-24T19:07:19Z",
     "nvd_published_at": "2026-03-21T01:17:11Z"
   }
 }
@@ -0,0 +1,68 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mxmg-3p7m-2ghr",
+  "modified": "2026-03-24T19:07:00Z",
+  "published": "2026-03-21T03:31:14Z",
+  "withdrawn": "2026-03-24T19:07:00Z",
+  "aliases": [],
+  "summary": "Duplicate Advisory: OpenClaw: system.run approval identity mismatch could execute a different binary than displayed",
+  "details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-hwpq-rrpf-pgcq. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to execute a different binary than what the approver displayed, allowing unexpected command execution under the OpenClaw runtime user when they can influence command argv and reuse an approval context.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "2026.2.24"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hwpq-rrpf-pgcq"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32065"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/03e689fc89bbecbcd02876a95957ef1ad9caa176"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-approval-identity-mismatch-in-system-run-command-execution"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-436"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-24T19:07:00Z",
+    "nvd_published_at": "2026-03-21T01:17:09Z"
+  }
+}
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rcx4-77x4-hjx5",
-  "modified": "2026-03-21T03:31:15Z",
+  "modified": "2026-03-24T19:07:09Z",
   "published": "2026-03-21T03:31:15Z",
-  "aliases": [
-    "CVE-2026-32898"
-  ],
-  "details": "OpenClaw versions prior to 2026.2.23 contain an authorization bypass vulnerability in the ACP client that auto-approves tool calls based on untrusted toolCall.kind metadata and permissive name heuristics. Attackers can bypass interactive approval prompts for read-class operations by spoofing tool metadata or using non-core read-like names to reach auto-approve paths.",
+  "withdrawn": "2026-03-24T19:07:09Z",
+  "aliases": [],
+  "summary": "Duplicate Advisory: OpenClaw ACP client has permission auto-approval bypass via untrusted tool metadata",
+  "details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-7jx5-9fjg-hp4m. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.23 contain an authorization bypass vulnerability in the ACP client that auto-approves tool calls based on untrusted toolCall.kind metadata and permissive name heuristics. Attackers can bypass interactive approval prompts for read-class operations by spoofing tool metadata or using non-core read-like names to reach auto-approve paths.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -17,7 +17,27 @@
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "2026.2.22-2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "WEB",
@@ -45,8 +65,8 @@
       "CWE-807"
     ],
     "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-24T19:07:09Z",
     "nvd_published_at": "2026-03-21T01:17:10Z"
   }
 }
@@ -0,0 +1,68 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rj39-33v7-9xrq",
+  "modified": "2026-03-24T19:06:06Z",
+  "published": "2026-03-21T03:31:14Z",
+  "withdrawn": "2026-03-24T19:06:06Z",
+  "aliases": [],
+  "summary": "Duplicate Advisory: OpenClaw's shell startup env injection bypasses system.run allowlist intent (RCE class)",
+  "details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-xgf2-vxv2-rrmg. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files such as .bash_profile or .zshenv to achieve arbitrary code execution before allowlist-evaluated commands are executed.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "< 2026.2.22"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xgf2-vxv2-rrmg"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32056"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/c2c7114ed39a547ab6276e1e933029b9530ee906"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-shell-startup-environment-variable-injection-in-system-run"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-24T19:06:06Z",
+    "nvd_published_at": "2026-03-21T01:17:09Z"
+  }
+}