npm package · 4 known security advisories in the elsas feed · worst severity HIGH · last seen 2026-07-02.
→ Is your version of openclaw affected?check_affected on the MCP
endpoint https://elsas.it/mcp — free when you're not affected, micro-priced (capped at
$0.10) only on a confirmed match. Full remediation detail is in the paid get_today /
get_items.
| Advisory | Severity | CVSS | Affected versions | Fixed in | Date |
|---|---|---|---|---|---|
| CVE-2026-53818 | MODERATE | 6.6 | < 2026.4.24 | 2026.4.24 | 2026-07-02 |
| CVE-2026-53814 | HIGH | 8.4 | < 2026.5.20 | 2026.5.20 | 2026-07-02 |
| GHSA-qh2f-99mv-mrcf | MODERATE | 0.0 | < 2026.5.12 | 2026.5.12 | 2026-07-02 |
| GHSA-9c3v-684m-579c | MODERATE | 6.5 | < 2026.6.5 | 2026.6.5 | 2026-07-01 |
1. Open each linked advisory above — the primary source is the truth.
2. Each advisory was published in a daily report that is Ed25519-signed;
see status.json for the report_id.
3. Full signature-verification recipe →