Vulnerabilities

| ID | Package | Summary | Published | Attributes | Severity |
|---|---|---|---|---|---|
| GHSA-p4x4-2r7f-wjxg | npm/openclaw | OpenClaw gateway exec allow-always over-trusts positional carrier executables | 16 minutes ago | Fix available | 7.3 (High) |
| GHSA-qxgf-hmcj-3xw3 | npm/openclaw | OpenClaw affected by SSRF via unguarded image download in fal provider | 17 minutes ago | Fix available | 2.3 (Low) |
| GHSA-5h2w-qmfp-ggp6 | npm/openclaw | OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose` | 21 minutes ago | Fix available | 7.1 (High) |
| GHSA-m866-6qv5-p2fg | npm/openclaw | OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override | 22 minutes ago | Fix available | 4.9 (Medium) |
| GHSA-jccr-rrw2-vc8h | npm/openclaw | OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure | 23 minutes ago | Fix available | 7.7 (High) |
| GHSA-v8wv-jg3q-qwpq | npm/openclaw | OpenClaw's message tool media parameter bypasses tool policy filesystem isolation | 24 minutes ago | Fix available | 7.1 (High) |
| GHSA-f44p-c7w9-7xr7 | npm/openclaw | OpenClaw: Gateway WebSocket Denial of Service via unbounded pre-auth upgrades | 25 minutes ago | Fix available | 5.3 (Medium) |
| GHSA-qf48-qfv4-jjm9 | npm/openclaw | OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image | 26 minutes ago | Fix available | 5.3 (Medium) |
| GHSA-98hh-7ghg-x6rq | npm/openclaw | OpenClaw: Discord text `/approve` bypasses `channels.discord.execApprovals.approvers` and allows non-approvers to resolve pending exec approvals | 26 minutes ago | Fix available | 8.8 (High) |
| GHSA-2pr2-hcv6-7gwv | npm/openclaw | OpenClaw's device removal and token revocation do not terminate active WebSocket sessions | 27 minutes ago | Fix available | 8.6 (High) |
| GHSA-3cw3-5vxw-g2h3 | npm/openclaw | OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials | 28 minutes ago | Fix available | 7.4 (High) |
| GHSA-v2v2-f783-358j | npm/openclaw | OpenClaw: Zalo channel downloads media before sender authorization | 28 minutes ago | Fix available | 6.9 (Medium) |
| GHSA-hc5h-pmr3-3497 | npm/openclaw | OpenClaw: /pair approve command path omitted caller scope subsetting and reopened device pairing escalation | 28 minutes ago | Fix available | 8.7 (High) |
| GHSA-8689-gm9g-jgr6 | npm/openclaw | OpenClaw: Voice-call Plivo V3 webhook replay key uses unsorted URL, allowing replay via query-parameter reordering | 29 minutes ago | Fix available | 8.2 (High) |
| GHSA-mfj6-6p54-m98c | npm/parse-server | parse-server has GraphQL complexity validator exponential fragment traversal DoS | 30 minutes ago | Fix available | 8.2 (High) |
| GHSA-vpj2-qq7w-5qq6 | npm/parse-server | parse-server has cloud function validator bypass via prototype chain traversal | 30 minutes ago | Fix available | 9.1 (Critical) |