PT-2026-31060
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: The compiler failed to correctly determine non-overlapping memory moves due to a no-op interface conversion, potentially leading to memory corruption during runtime. This issue involves unwrapping...
[SECURITY] Fedora 42 Update: rust-1.94.1-1.fc42
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
[SECURITY] Fedora 43 Update: rust-sccache-0.14.0-2.fc43
Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage...
GHSA-CG7Q-FG22-4G98 OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables
Summary: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables. Current Maintainer Triage - Normalized severity: medium - Assessment: v2026.3.28 also misses the broader package, registry, compiler, Docker, and TLS env family in the shipped host-en...
OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables
Summary: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables. Current Maintainer Triage - Normalized severity: medium - Assessment: v2026.3.28 also misses the broader package, registry, compiler, Docker, and TLS env family in the shipped host-en...
Uncontrolled Search Path Element
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Uncontrolled Search Path Element via environment variable overrides of compiler binaries during approved host execution requests. An attacker can execute arbitrary code by substituting...
GHSA-G8XP-QX39-9JQ9 OpenClaw: Incomplete host-env-security-policy allows untrusted model to substitute compiler binaries via env overrides
Summary: Incomplete host-env-security-policy.json allows untrusted model to substitute compiler binaries (CC, CXX, CARGO_BUILD_RUSTC, CMAKE_C_COMPILER) via env overrides on approved host exec requests. Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Shipped v2026.3....
OpenClaw: Incomplete host-env-security-policy allows untrusted model to substitute compiler binaries via env overrides
Summary: Incomplete host-env-security-policy.json allows untrusted model to substitute compiler binaries (CC, CXX, CARGO_BUILD_RUSTC, CMAKE_C_COMPILER) via env overrides on approved host exec requests. Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Shipped v2026.3....
CVE-2025-66442
A flaw was found in Mbed TLS and TF-PSA-Crypto. This vulnerability is a compiler-induced timing side channel that occurs when the LLVM compiler's select-optimize feature is enabled. A remote attacker could potentially exploit this timing difference during RSA and CBC/ECB decryption operations to...
[SECURITY] Fedora 42 Update: rust-sccache-0.12.0-4.fc42
Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage...
[SECURITY] Fedora 43 Update: rust-1.94.1-1.fc43
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
Covert Timing Channel
Overview: Affected versions of this package are vulnerable to Covert Timing Channel via timing differences in RSA and CBC/ECB decryption operations when the LLVM compiler's select-optimize feature is enabled. An attacker can infer sensitive information, such as cryptographic keys, by analyzing the...
[SECURITY] Fedora 44 Update: rust-1.94.1-1.fc44
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
[SECURITY] Fedora 43 Update: pypy3.11-7.3.21-3.3.11.fc43
PyPy's implementation of Python 3.11, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types (strings, dictionaries, etc.). This build of PyPy has JIT-compilation enabled...
CVE-2026-33491
Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.4, a stack-based buffer overflow vulnerability in the Zen C compiler allows attackers to cause a compiler crash or potentially execute arbitrary code by providing a specially crafted Zen C sour...
CVE-2026-33943
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution (RCE) by injecting arbitrary JavaScript expressions insi...
CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution (RCE) by injecting arbitrary JavaScript expressions insi...
Handlebars.js Security Vulnerability
Handlebars.js is an open-source JavaScript templating engine developed by The Handlebars Templating Language project. Versions of Handlebars.js 4.7.8 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of user-controlled strings by the Handlebars...
GHSA-6Q6H-J7HJ-3R64 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code
Summary: A code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution (RCE) by injecting arbitrary JavaScript expressions inside export declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content...