OpenClaw, a self-hosted AI agent, rose to become GitHub’s most-starred repository weeks after its launch, drawing a large developer community and immediate researcher attention.
Nobody anticipated this growth would soon become an unexpected stress test for the global vulnerability tracking ecosystem.
In late February, the project began publishing security advisories at a rate few open source projects had ever matched, quickly revealing a structural divide between two of the most relied-upon vulnerability identification systems.
Within three weeks of going viral, OpenClaw had published more than 200 GitHub Security Advisories, commonly known as GHSAs.
The project’s security advisory page now lists 255 disclosures, many describing issues tied to command execution controls, authorization checks, allowlist enforcement, and plugin boundaries.
The volume of these disclosures arrived faster than the traditional CVE assignment process could handle, leaving a large number of advisories without corresponding CVE identifiers.
Socket.dev analysts noted that the rapid accumulation of OpenClaw advisories put a direct spotlight on a fragmentation problem that had been quietly developing in the vulnerability disclosure landscape long before AI-driven development began reshaping the open source world.
The scale of disclosures tied to a single project made the divide between GHSA and CVE tracking far more visible than before.
Things escalated when VulnCheck submitted a request in the CVE Project working group to call “DIBS” on 170 OpenClaw advisories lacking CVE identifiers.
DIBS is an informal coordination signal used among CVE Numbering Authorities, indicating an organization intends to evaluate a vulnerability and potentially assign it a CVE.
VulnCheck VP of Research Caitlin Condon stated the firm wanted to ensure CVE coverage before any issue could be weaponized.
MITRE, acting as the CVE Program's Top-Level Root (TL-Root), pushed back, noting DIBS was designed to flag individual vulnerabilities meeting specific criteria, not to classify an entire project as a bulk target. The request was eventually closed.
OpenClaw was previously known under the names Clawdbot and Moltbot, a naming history that further complicates how its vulnerabilities are indexed across multiple databases and advisory systems.
Automation platforms that run commands on behalf of users across external services tend to expose many attack surfaces, and when researchers begin systematic review of such tools, disclosure counts can grow quickly.
The Growing GHSA and CVE Divide
GitHub Security Advisories offer a simpler path for maintainers. A researcher reports an issue, the maintainer publishes it, and no external coordination is needed.
Requesting a CVE means going through a CVE Numbering Authority, formatting metadata, and waiting for assignment, so many projects now default to GHSA-only and skip CVE requests entirely.
This creates a real blind spot for security teams. Most enterprise tooling, including vulnerability scanners, patch management systems, SBOM tools, and compliance frameworks, is keyed on CVE identifiers, so a vulnerability disclosed only as a GHSA can remain invisible to those systems until a CVE is assigned and recorded as an alias of the advisory. Tooling that ingests the GitHub Advisory Database directly, or through OSV, which aggregates it, does see GHSA-only advisories; the gap is in pipelines that match on CVE IDs alone.
A 2024 investigation from UC Irvine found the GitHub Advisory Database held more than 213,000 unreviewed advisories, with fewer than six reviewed daily, a rate researchers estimated would take 95 years to clear.
A 2026 study from Brazil’s Fluminense Federal University analyzed more than 288,000 GHSAs and found only 8% had been formally reviewed by GitHub, and unreviewed advisories do not trigger Dependabot alerts, so downstream projects may never learn they depend on vulnerable packages.
Security engineer Jerry Gamblin of RogoLabs built a dedicated tracker cross-referencing OpenClaw advisories across the GitHub Advisory Database and the CVE Project’s cvelistV5 repository, updating hourly and including fixed-version data to prevent confusion about which issues remain unpatched.
Josh Bressers, VP of Security at Anchore, noted many organizations still disregard vulnerabilities without a CVE, making this gap an operational risk.
Security teams relying on AI-driven and automation platforms should cross-reference both GHSA and CVE databases when reviewing their exposure.
Relying on a single tracking source risks leaving known vulnerabilities undetected in deployed environments, and AI-accelerated development is producing advisory disclosures at a growing pace.
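One way to perform the cross-check recommended above, as an added example that is not code from the article, from OpenClaw, or from the RogoLabs tracker: the script reads advisories in the OSV JSON format that github/advisory-database publishes, treats a CVE as "published" if its record file exists in a local cvelistV5 checkout (cves/<year>/<Nxxx>/CVE-YYYY-NNNN.json), and sorts each GHSA into covered, CVE-reserved-but-unpublished, or GHSA-only, carrying the fixed version along so unpatched issues stand out. The sample advisories, package name and CVE set embedded below are constructed placeholders, not real identifiers.

```python
"""Cross-reference GHSA advisories (OSV JSON) against a cvelistV5 checkout.

Added example; not the article's, OpenClaw's or RogoLabs' code.
All sample advisories and CVE IDs below are constructed placeholders.
"""
import json
import os
import re
from dataclasses import dataclass

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample: three OSV-format advisories for a hypothetical package.
SAMPLE_GHSAS = [
    {"id": "GHSA-aaaa-0000-0001", "aliases": ["CVE-2099-00001"],
     "affected": [{"package": {"ecosystem": "npm", "name": "example-agent"},
                   "ranges": [{"type": "ECOSYSTEM",
                               "events": [{"introduced": "0"}, {"fixed": "1.2.3"}]}]}]},
    {"id": "GHSA-aaaa-0000-0002", "aliases": ["CVE-2099-00002"],
     "affected": [{"package": {"ecosystem": "npm", "name": "example-agent"},
                   "ranges": [{"type": "ECOSYSTEM",
                               "events": [{"introduced": "0"}, {"fixed": "1.2.4"}]}]}]},
    {"id": "GHSA-aaaa-0000-0003", "aliases": [],            # GHSA-only, no fix yet
     "affected": [{"package": {"ecosystem": "npm", "name": "example-agent"},
                   "ranges": [{"type": "ECOSYSTEM",
                               "events": [{"introduced": "0"}]}]}]},
]
# Constructed sample: CVE IDs whose record files exist in a cvelistV5 checkout.
SAMPLE_CVELIST = {"CVE-2099-00001"}


@dataclass
class Coverage:
    ghsa_id: str
    cve_aliases: list      # CVE IDs the advisory itself claims as aliases
    published: list        # subset of those with a record in cvelistV5
    status: str            # "covered" | "cve-unpublished" | "ghsa-only"
    fixed_versions: dict   # package name -> first "fixed" version, or None


def load_cvelist_ids(root):
    """Collect CVE IDs from a local cvelistV5 checkout by walking cves/."""
    ids = set()
    for _dirpath, _dirs, files in os.walk(os.path.join(root, "cves")):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext == ".json" and CVE_RE.match(stem):
                ids.add(stem)
    return ids


def load_ghsa_dir(root):
    """Load every GHSA-*.json file under an advisory-database checkout."""
    out = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.startswith("GHSA-") and name.endswith(".json"):
                with open(os.path.join(dirpath, name), encoding="utf-8") as fh:
                    out.append(json.load(fh))
    return out


def fixed_versions(advisory):
    """Map each affected package to its first 'fixed' event, None if unpatched."""
    out = {}
    for aff in advisory.get("affected", []):
        pkg = aff.get("package", {}).get("name", "?")
        fixed = None
        for rng in aff.get("ranges", []):
            for ev in rng.get("events", []):
                if "fixed" in ev and fixed is None:
                    fixed = ev["fixed"]
        out[pkg] = fixed
    return out


def classify(advisory, cvelist_ids):
    """Decide whether CVE-keyed tooling would see this advisory at all."""
    cves = sorted(a for a in advisory.get("aliases", []) if CVE_RE.match(a))
    published = [c for c in cves if c in cvelist_ids]
    if not cves:
        status = "ghsa-only"          # invisible to CVE-only pipelines
    elif published:
        status = "covered"
    else:
        status = "cve-unpublished"    # ID reserved, record not yet in cvelistV5
    return Coverage(advisory["id"], cves, published, status, fixed_versions(advisory))


def report(advisories, cvelist_ids):
    """Bucket advisories by coverage status."""
    buckets = {"covered": [], "cve-unpublished": [], "ghsa-only": []}
    for adv in advisories:
        cov = classify(adv, cvelist_ids)
        buckets[cov.status].append(cov)
    return buckets


if __name__ == "__main__":
    for status, items in report(SAMPLE_GHSAS, SAMPLE_CVELIST).items():
        for cov in items:
            print(f"{status:16} {cov.ghsa_id}  cves={cov.cve_aliases}  fixed={cov.fixed_versions}")
```

Against real data, replace the two SAMPLE_ constants with load_ghsa_dir() on a github/advisory-database checkout filtered to the package of interest and load_cvelist_ids() on a cvelistV5 checkout; the "cve-unpublished" bucket is worth watching separately, since a reserved CVE that has not yet appeared in cvelistV5 is just as invisible to CVE-keyed scanners as a GHSA with no alias at all.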