How many CVEs does OpenClaw have?

433 published CVE records in five months — roughly 2.6 security failures per day.

Where can I track OpenClaw CVEs?

jgamblin/OpenClawCVEs GitHub repository (150 stars) catalogs 137+ advisories.

What types of vulnerabilities affect OpenClaw?

Privilege escalation, sandbox escapes, execution allowlist bypasses, SSRF, DoS, and supply chain attacks.

Microsoft Defender team says it should be treated as untrusted code execution with persistent credentials.

Should enterprises use OpenClaw?

Industry experts call the security situation 'an embarrassment to engineering' and recommend extensive hardening.

← Back to dashboard

clawsmith.com/signal/openclaw-433-cves-five-months-security-crisis-deepens

⚠ IssueWide OpenSecurityLive

OpenClaw Hits 433 CVEs in Five Months: 2.6 Security Failures Per Day

OpenClaw accumulates 433 published CVE records in just five months — roughly 2.6 security failures per day. Microsoft Defender team says OpenClaw should be treated as untrusted code. jgamblin/OpenClawCVEs tracker (150 stars) catalogs 137+ advisories.

Product Idea from this Signal

A CLI tool that scans a running OpenClaw instance for active CVEs, malicious skills, and supply chain tampering before they get exploited

807 ▲

OpenClaw has accumulated 433+ CVEs in five months including critical auth bypasses (CVSS 9.8), sandbox escapes, and nation-state supply chain attacks targeting the npm ecosystem. Most operators have no idea which CVEs affect their specific version, whether their installed skills contain backdoors, or if their dependency tree has been tampered with. This tool runs a comprehensive security audit against a live OpenClaw instance and outputs an actionable remediation plan.

CLIOPEN-SOURCESECURITYDEVTOOLAUDIT

CompetitiveView Opportunity →