This repository is a read-only security tracker — it aggregates and presents publicly available CVE and GHSA data for the OpenClaw project. It does not contain any OpenClaw application code.
If you have found a vulnerability in OpenClaw itself, please report it directly to the OpenClaw project:
- GitHub Security Advisories: openclaw/openclaw → Report a vulnerability
- Repository: github.com/openclaw/openclaw
If you've found a bug in this tracker's automation (e.g., incorrect data, missing advisories, script errors), please open an issue.
This tracker monitors:
- GitHub Advisory Database entries for openclaw, clawdbot, and moltbot
- CVEProject/cvelistV5 — a full scan of the registry for every CVE whose affected product is OpenClaw, regardless of which CNA assigned it (most are assigned by VulnCheck, not the project itself)
- Repo-level security advisories on the OpenClaw repository
All vulnerabilities listed in this tracker are public records. Project-issued advisories were disclosed through GitHub's coordinated disclosure process; third-party CVEs are sourced from their published CVE List V5 records. We do not publish vulnerability details beyond what is already public in the referenced GHSAs and CVE records.