Vulnerabilities

ID
Packages
Summary
Published
Attributes
MAL-2026-2297
  • npm/earthengine-api
Malicious code in earthengine-api (npm) 9 hours ago
  • No fix available
MAL-2026-2296
  • npm/bos-decoration-elements
Malicious code in bos-decoration-elements (npm) 12 hours ago
  • No fix available
GHSA-4hmj-39m8-jwc7
  • npm/openclaw
OpenClaw has ACP CLI approval prompt ANSI escape sequence injection 19 hours ago
  • Fix available
GHSA-j4c9-w69r-cw33
  • npm/openclaw
OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State 19 hours ago
  • Fix available
GHSA-mf5g-6r6f-ghhm
  • npm/openclaw
OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token 19 hours ago
  • Fix available
GHSA-rf6h-5gpw-qrgq
  • npm/openclaw
OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback 19 hours ago
  • Fix available
GHSA-h4jx-hjr3-fhgc
  • npm/openclaw
OpenClaw: Gateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin` 19 hours ago
  • Fix available
GHSA-77w2-crqv-cmv3
  • npm/openclaw
OpenClaw: Feishu Raw Card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing 19 hours ago
  • Fix available
GHSA-3h52-cx59-c456
  • npm/openclaw
OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation 19 hours ago
  • Fix available
GHSA-rhfg-j8jq-7v2h
  • npm/openclaw
OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476) 19 hours ago
  • Fix available
GHSA-52q4-3xjc-6778
  • npm/openclaw
OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName 19 hours ago
  • Fix available
GHSA-q2qc-744p-66r2
  • npm/openclaw
OpenClaw: `session_status` sessionId resolution bypasses sandboxed session-tree visibility 19 hours ago
  • Fix available
GHSA-5jvj-hxmh-6h6j
  • npm/openclaw
OpenClaw: Gateway HTTP Session History Route Bypasses Operator Read Scope 19 hours ago
  • No fix available
  • Severity - 5.3 (Medium)
GHSA-qpfv-44f3-qqx6
  • npm/@mikro-orm/core
MikroORM has Prototype Pollution in Utils.merge 19 hours ago
  • Fix available
  • Severity - 8.3 (High)
GHSA-gwhv-j974-6fxm
  • npm/@mikro-orm/core
MikroORM is vulnerable to SQL Injection via specially crafted object 19 hours ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-7fqq-q52p-2jjg
  • PyPI/opencc
  • npm/opencc
OpenCC has an Out-of-bounds read when processing truncated UTF-8 input 19 hours ago
  • Fix available
  • Severity - 6.5 (Medium)