The rapid surge in security advisories from the self-hosted AI agent OpenClaw has exposed a significant and growing divide between GitHub’s advisory system and the established Common Vulnerabilities and Exposures (CVE) tracking ecosystem. Weeks after becoming GitHub’s most-starred repository, OpenClaw’s creators began publishing security advisories at an unprecedented rate, highlighting how the global vulnerability identification systems are struggling to keep pace with the proliferation of AI-driven development and its associated disclosures.
By late February, OpenClaw had already published more than 200 GitHub Security Advisories (GHSAs), and its security page now lists 255 disclosures. The advisories frequently describe serious weaknesses: bypasses of the controls that gate command execution, authorization bypasses, and violations of the boundary that is supposed to isolate plugins from the core agent. The volume and speed of these disclosures outran the traditional process for assigning CVE identifiers, leaving a substantial number of advisories without the globally recognized CVE IDs that most downstream tooling keys on.
The Growing GHSA and CVE Divide
Analysts at Socket.dev noted that this influx of OpenClaw advisories starkly illuminated a fragmentation problem within vulnerability disclosure that predates the current AI development wave. The scale of these disclosures from a single project amplified the visibility of the gap between GHSA and CVE tracking mechanisms.
The tension between the two systems became evident when VulnCheck, a cybersecurity firm, attempted to request "DIBS" (a signal used by CVE Numbering Authorities to indicate intent to evaluate a vulnerability) for 170 OpenClaw advisories lacking CVE identifiers. VulnCheck's VP of Research, Caitlin Condon, stated the aim was to ensure CVE coverage before the issues could be weaponized. MITRE, acting as the CVE Program's Top-Level Root (TL-Root), pushed back, explaining that DIBS is intended for individual vulnerabilities meeting specific criteria, not for a bulk claim over an entire project. The request was ultimately closed without further action.
Further complicating matters, OpenClaw was previously known by different names, Clawdbot and Moltbot. This naming history creates additional challenges for indexing its vulnerabilities across various databases and advisory systems. Automation platforms that execute commands on behalf of users across external services inherently expose numerous attack surfaces, and systematic researcher reviews of such tools can lead to a rapid increase in disclosure counts.
GitHub Security Advisories offer a more streamlined process for project maintainers. A researcher reports an issue, and the maintainer can publish it directly without needing external coordination. In contrast, requesting a CVE involves navigating a CVE Numbering Authority, formatting specific metadata, and waiting for assignment. Consequently, many projects now opt for GHSA-only disclosures, bypassing CVE requests entirely.
This shift creates a significant blind spot for security teams. Most enterprise security tooling, including vulnerability scanners, patch management systems, Software Bill of Materials (SBOM) tools, and compliance frameworks, relies heavily on CVE identifiers. This means any vulnerability disclosed solely as a GHSA can remain entirely invisible to these critical systems.
Research sheds light on the scale of this issue. A 2024 investigation from UC Irvine found that the GitHub Advisory Database contained over 213,000 unreviewed advisories, with fewer than six being reviewed per day, a rate projected to take 95 years to clear the backlog. A 2026 study by Brazil's Fluminense Federal University analyzed over 288,000 GHSAs and found that only 8% had undergone formal review by GitHub. Unreviewed advisories do not trigger automated dependency alerts, so downstream projects may never learn that they depend on a vulnerable package.
Security engineer Jerry Gamblin of RogoLabs has developed a dedicated tracker that continuously cross-references OpenClaw advisories between the GitHub Advisory Database and the CVE Project’s cvelistV5 repository. This tracker includes fixed-version data to prevent confusion about which issues remain unpatched.
Josh Bressers, VP of Security at Anchore, highlighted that many organizations continue to disregard vulnerabilities that lack a CVE identifier, which is an operational risk rather than a bookkeeping detail. Security teams that deploy AI-driven development and automation platforms should therefore cross-reference both the GHSA and CVE databases when assessing their exposure, and should match on the affected package and fixed version rather than on identifiers alone. Relying on a single tracking source risks leaving known vulnerabilities undetected in deployed environments, especially as AI-accelerated development drives an increasing pace of advisory disclosures.
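The cross-referencing described above can be done directly against the two public data sets. The script below is an added example, not Jerry Gamblin's tracker and not OpenClaw code. It assumes the OSV JSON shape that github/advisory-database publishes (`id`, `aliases`, and `affected[].ranges[].events` with `introduced`/`fixed` versions) and the `cveMetadata.cveId`/`state` fields of a cvelistV5 record; the advisory records, package name, GHSA/CVE identifiers and version numbers embedded in it are constructed placeholders, not real advisories. It classifies each GHSA as covered by a published CVE, claiming a CVE alias that has not yet been published, or GHSA-only, and then reports which advisories actually affect an installed version, so that the GHSA-only ones a CVE-keyed scanner would miss are visible.

```python
"""Reconcile GHSA advisories (OSV JSON) against cvelistV5 records.

All sample records below are constructed for illustration; the IDs,
package and versions are placeholders, not real advisories.
"""
import re

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed GHSA records in the OSV shape used by github/advisory-database.
GHSA_SAMPLE = [
    {
        "id": "GHSA-aaaa-bbbb-0001",
        "aliases": ["CVE-2026-90001"],
        "summary": "authorization bypass in plugin loader (constructed)",
        "affected": [{
            "package": {"ecosystem": "npm", "name": "example-agent"},
            "ranges": [{"type": "ECOSYSTEM",
                        "events": [{"introduced": "0"}, {"fixed": "1.4.2"}]}],
        }],
    },
    {
        "id": "GHSA-aaaa-bbbb-0002",
        "aliases": [],  # GHSA-only disclosure: no CVE ever requested
        "summary": "command execution via unvalidated tool argument (constructed)",
        "affected": [{
            "package": {"ecosystem": "npm", "name": "example-agent"},
            "ranges": [{"type": "ECOSYSTEM",
                        "events": [{"introduced": "1.2.0"}]}],  # no fix yet
        }],
    },
    {
        "id": "GHSA-aaaa-bbbb-0003",
        "aliases": ["CVE-2026-90003"],  # alias claimed, record not in cvelistV5
        "summary": "plugin boundary violation (constructed)",
        "affected": [{
            "package": {"ecosystem": "npm", "name": "example-agent"},
            "ranges": [{"type": "ECOSYSTEM",
                        "events": [{"introduced": "0"}, {"fixed": "1.1.0"}]}],
        }],
    },
]

# Constructed cvelistV5-style records, reduced to the fields used here.
CVELIST_SAMPLE = [
    {"cveMetadata": {"cveId": "CVE-2026-90001", "state": "PUBLISHED"}},
]


def parse_version(v):
    """Turn 'MAJOR.MINOR.PATCH' into a comparable tuple; OSV uses '0' for 'all'."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def cve_aliases(advisory):
    """CVE identifiers listed in the advisory's OSV aliases array."""
    return {a for a in advisory.get("aliases", []) if CVE_RE.match(a)}


def reconcile(ghsas, cvelist):
    """Map each GHSA id to 'covered', 'cve-pending' or 'no-cve'."""
    published = {r["cveMetadata"]["cveId"] for r in cvelist
                 if r["cveMetadata"].get("state") == "PUBLISHED"}
    report = {}
    for adv in ghsas:
        aliases = cve_aliases(adv)
        if not aliases:
            report[adv["id"]] = "no-cve"
        elif aliases <= published:
            report[adv["id"]] = "covered"
        else:
            report[adv["id"]] = "cve-pending"
    return report


def is_affected(advisory, ecosystem, name, version):
    """Evaluate OSV introduced/fixed events against one installed version."""
    v = parse_version(version)
    for aff in advisory.get("affected", []):
        pkg = aff.get("package", {})
        if (pkg.get("ecosystem"), pkg.get("name")) != (ecosystem, name):
            continue
        for rng in aff.get("ranges", []):
            introduced = None
            for ev in rng.get("events", []):
                if "introduced" in ev:
                    introduced = parse_version(ev["introduced"])
                elif "fixed" in ev and introduced is not None:
                    if introduced <= v < parse_version(ev["fixed"]):
                        return True
                    introduced = None  # range closed by the fix
            if introduced is not None and introduced <= v:
                return True  # open-ended range: no fix published yet
    return False


def exposure(ghsas, cvelist, ecosystem, name, version):
    """Advisories hitting the installed version, with their CVE status.

    Rows marked 'no-cve' are exactly what a CVE-keyed scanner would miss.
    """
    status = reconcile(ghsas, cvelist)
    return [(adv["id"], status[adv["id"]], sorted(cve_aliases(adv)))
            for adv in ghsas if is_affected(adv, ecosystem, name, version)]


if __name__ == "__main__":
    for row in exposure(GHSA_SAMPLE, CVELIST_SAMPLE, "npm", "example-agent", "1.3.0"):
        print(row)
```

Against a real checkout, `GHSA_SAMPLE` would be the `advisories/` JSON files of github/advisory-database filtered to the package of interest, and `CVELIST_SAMPLE` the matching `cves/` records from cvelistV5, with the installed version taken from the deployment's SBOM. The point of the `cve-pending` state is that an alias in a GHSA is a claim, not proof that the CVE record exists, so a CVE-only feed can still lag even when the GHSA names a CVE.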