Lucene search
K

9 matches found

Snyk
Snyk
added 2026/05/06 11:23 p.m.10 views

Incorrect Permission Assignment for Critical Resource

Overview @axonflow/openclaw is a Policy enforcement, approval gates, and audit trails for OpenClaw — govern tool inputs before execution, scan outbound messages for PII/secrets, and record agent activity for review and compliance Affected versions of this package are vulnerable to Incorrect...

6.8CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/05/06 11:16 p.m.9 views

Improper Verification of Cryptographic Signature

Overview @axonflow/sdk is an AxonFlow SDK - Add invisible AI governance to your applications in 3 lines of code Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the lack of exposure of the HMAC-SHA256 signing key in the SDK's typed API,...

8.2CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/05/06 11:15 p.m.7 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the lack of exposure of the HMAC-SHA256 signing key in the SDK's typed API, which prevents verification of the X-AxonFlow-Signature header on incoming webhook deliveries. An attack...

8.2CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/05/06 11:15 p.m.6 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the lack of exposure of the HMAC-SHA256 signing key in the SDK's typed API, which prevents verification of the X-AxonFlow-Signature header on incoming webhook deliveries. An attack...

8.2CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/06 11:15 p.m.8 views

GHSA-MHC4-QQ83-FMRR axonflow-sdk-go: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification

Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...

5.9CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/06 11:15 p.m.7 views

axonflow-sdk-go: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification

Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...

5.8AI score
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/06 11:14 p.m.8 views

Improper Verification of Cryptographic Signature

Overview axonflow is an AxonFlow Python SDK - Enterprise AI Governance in 3 Lines of Code Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the lack of exposure of the HMAC-SHA256 signing key in the SDK's typed API, which prevents...

8.2CVSS5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/06 11:14 p.m.6 views

axonflow-sdk-python: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification

Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...

5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/06 11:13 p.m.3 views

GHSA-9H64-2846-7X7F Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening

Summary Eight independently-filed bug fixes in the v7.1.3 → v7.5.0 release window collectively close a set of multi-tenant isolation, access-control, and policy-enforcement defects in the AxonFlow platform. They are filed as a single consolidated advisory because the recommended remediation is a...

9.1CVSS5.9AI score
Exploits0References4
Rows per page
Query Builder