Security Advisories
A list of vulnerabilities (CVE / GHSA) publicly disclosed by Tencent Zhuque Lab. View as JSONopen_in_new
bug_report
Vulnerabilities
67
deployed_code
Products
21
leaderboard
Severity Breakdown
-
open_in_newLow CVE-2026-43529 CWE-367
OpenClaw: TOCTOU read in exec script preflight
deployed_code Affected: OpenClaw < 2026.4.10 calendar_today Published: May 05, 2026 -
open_in_newLow GHSA-j4c5-89f5-f3pm CWE-918
OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks
deployed_code Affected: openclaw < 2026.4.20 calendar_today Published: April 25, 2026 -
open_in_newLow CVE-2026-41915 CWE-78/CWE-184
OpenClaw: GIT_DIR and related git plumbing env vars missing from exec env denylist (GHSA-m866-6qv5-p2fg variant)
deployed_code Affected: openclaw < 2026.4.8 calendar_today Published: April 09, 2026 -
open_in_newLow GHSA-g86v-f9qv-rh6m CWE-918
OpenClaw SSRF guard misses four IPv6 special-use ranges
deployed_code Affected: openclaw <= 2026.3.24 calendar_today Published: March 31, 2026
Per page
