Skip to content

Request CVE assignment for published GHSA-9c3v-684m-579c (openclaw) #8393

Description

@dingliweixlm-byte

Hi GitHub Security Team,

I am the original security researcher who reported the vulnerability documented in GHSA-9c3v-684m-579c.

Advisory Link: GHSA-9c3v-684m-579c

The vendor (OpenClaw) has officially accepted the vulnerability, patched it (version < 2026.6.5), and published this repository-level advisory today. However, they did not request a CVE ID during the publication process.

Since this is a publicly disclosed, confirmed architectural security flaw affecting the npm ecosystem, I am requesting that the GitHub CNA team review this advisory, promote it to the Global Advisory Database, and assign an official CVE ID so that it can be properly tracked by the community and downstream enterprise users.

Thank you!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions