Vulnerabilities

| ID | Packages | Summary | Published | Fix | Severity |
|---|---|---|---|---|---|
| GHSA-vcx4-4qxg-mfp4 | npm/openclaw | OpenClaw: Telegram Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Secret | 9 hours ago | No fix available | 6.3 (Medium) |
| GHSA-mw7w-g3mg-xqm7 | npm/openclaw | OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events | 9 hours ago | No fix available | 5.3 (Medium) |
| GHSA-9wqx-g2cw-vc7r | npm/openclaw | OpenClaw: Matrix Verification Notices Bypass Matrix DM Policy and Reply to Unpaired DM Peers | 9 hours ago | No fix available | 5.3 (Medium) |
| GHSA-xq8g-hgh6-87hv | npm/openclaw | OpenClaw: BlueBubbles Webhook Missing Rate Limiting Enables Brute-Force Password Guessing | 9 hours ago | No fix available | |
| GHSA-qm2m-28pf-hgjw | npm/openclaw | OpenClaw: Gateway Plugin HTTP Auth Grants Unrestricted operator.admin Runtime Scope to All Callers | 9 hours ago | No fix available | 8.6 (High) |
| GHSA-fqw4-mph7-2vr8 | npm/openclaw | OpenClaw: Silent privilege escalation via gateway shared-auth reconnect | 9 hours ago | No fix available | 9.4 (Critical) |
| GHSA-9hjh-fr4f-gxc4 | npm/openclaw | OpenClaw: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin | 10 hours ago | No fix available | 9.3 (Critical) |
| GHSA-9p93-7j67-5pc2 | npm/openclaw | OpenClaw: Gateway HTTP /sessions/:sessionKey/kill Reaches Admin Kill Path Without Caller Scope Binding | 10 hours ago | No fix available | 7.1 (High) |
| GHSA-27v5-c462-wpq7 | npm/path-to-regexp | path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards | 10 hours ago | Fix available | 5.9 (Medium) |
| GHSA-j3q9-mxjg-w52f | npm/path-to-regexp | path-to-regexp vulnerable to Denial of Service via sequential optional groups | 10 hours ago | Fix available | 7.5 (High) |
| GHSA-h8r8-wccr-v5f2 | npm/dompurify | DOMPurify is vulnerable to mutation-XSS via Re-Contextualization | 11 hours ago | Fix available | 6.9 (Medium) |
| GHSA-37ch-88jc-xwx2 | npm/path-to-regexp | path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters | 12 hours ago | Fix available | 7.5 (High) |
| GHSA-gjxx-92w9-8v8f | npm/@clerk/backend, npm/@clerk/express, npm/@clerk/fastify, npm/@clerk/hono | Clerk: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host | 12 hours ago | Fix available | 7.4 (High) |
| GHSA-3p2m-h2v6-g9mx | npm/@mobilenext/mobile-mcp | @mobilenext/mobile-mcp allows arbitrary file write via Path Traversal in mobile screen capture tools | 13 hours ago | Fix available | 8.1 (High) |
| GHSA-xjpj-3mr7-gcpf | npm/handlebars | Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options | 14 hours ago | Fix available | 8.2 (High) |
| GHSA-xhpv-hc6g-r9c6 | npm/handlebars | Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial | 14 hours ago | Fix available | 8.1 (High) |