Elsas
MCP Security Status / openclaw

openclaw

npm package · 4 known security advisories in the elsas feed · worst severity HIGH · last seen 2026-07-02.

→ Is your version of openclaw affected?
Send your dependency list or lockfile to check_affected on the MCP endpoint https://elsas.it/mcp — free when you're not affected, micro-priced (capped at $0.10) only on a confirmed match. Full remediation detail is in the paid get_today / get_items.

advisories

AdvisorySeverityCVSSAffected versionsFixed inDate
CVE-2026-53818MODERATE6.6< 2026.4.242026.4.242026-07-02
CVE-2026-53814HIGH8.4< 2026.5.202026.5.202026-07-02
GHSA-qh2f-99mv-mrcfMODERATE0.0< 2026.5.122026.5.122026-07-02
GHSA-9c3v-684m-579cMODERATE6.5< 2026.6.52026.6.52026-07-01
These are advisories on record in the elsas feed, each linked to its primary source (GHSA/CVE/OSV/CISA-KEV) — the authoritative record. This page is informational and is not a complete audit of openclaw.

verify

1. Open each linked advisory above — the primary source is the truth.
2. Each advisory was published in a daily report that is Ed25519-signed; see status.json for the report_id.
3. Full signature-verification recipe →