Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the node.invoke process. An attacker can alter persistent browser profiles by invoking browser.proxy to bypass the intended profile-mutation guard. Remediation...

@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +21 more potentially affected by CVE-2026-42431 via openclaw (>=2026.3.22 <=2026.4.5)

openclaw NPM version =2026.3.22, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: CVE-2026-42431 Source advisory: SNYK:JS-OPENCLAW-15989075...

GHSA-CMFR-9M2R-XWHQ OpenClaw `node.invoke(browser.proxy)` bypasses `browser.request` persistent profile-mutation guard

Impact OpenClaw node.invokebrowser.proxy bypasses browser.request persistent profile-mutation guard. node.invokebrowser.proxy could mutate persistent browser profiles through a path that bypassed the browser.request guard. OpenClaw is a user-controlled local assistant. This advisory is scoped to...

@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +21 more potentially affected by CVE-2026-42423 via openclaw (>=2026.3.22 <=2026.4.5)

openclaw NPM version =2026.3.22, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: CVE-2026-42423 Source advisory: SNYK:JS-OPENCLAW-15967229...

GHSA-Q2GC-XJQW-QP89 OpenClaw: strictInlineEval explicit-approval boundary bypassed by approval-timeout fallback on gateway and node exec hosts

Impact strictInlineEval explicit-approval boundary bypassed by approval-timeout fallback on gateway and node exec hosts. The approval-timeout fallback could allow inline eval commands that strictInlineEval was meant to require explicit approval for. OpenClaw is a user-controlled local assistant...

OpenClaw: strictInlineEval explicit-approval boundary bypassed by approval-timeout fallback on gateway and node exec hosts

Impact strictInlineEval explicit-approval boundary bypassed by approval-timeout fallback on gateway and node exec hosts. The approval-timeout fallback could allow inline eval commands that strictInlineEval was meant to require explicit approval for. OpenClaw is a user-controlled local assistant...

MAL-2026-2527 Malicious code in sjs-biginteger (npm)

sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...

GHSA-HFVC-G4FC-PQHX vulnerabilities

Vulnerabilities for packages: k8sgpt, docker, temporal, vitess, conftest, kine, kubernetes-csi-external-provisioner, kube-vip-cloud-provider, syft, cluster-api, node-feature-discovery, aws-node-termination-handler, spicedb-operator, tkn, aws-otel-collector, restic, clickhouse-operator,...

CVE-2026-39883 vulnerabilities

Vulnerabilities for packages: k8sgpt, docker, temporal, vitess, conftest, kine, kubernetes-csi-external-provisioner, kube-vip-cloud-provider, syft, cluster-api, node-feature-discovery, aws-node-termination-handler, spicedb-operator, tkn, aws-otel-collector, restic, clickhouse-operator,...

undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter

A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid servermaxwindowbits parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate,...

CVE-2026-39883 vulnerabilities

Vulnerabilities for packages: kaniko-fips, falcosidekick, ory-kratos, chainloop-control-plane-fips, vault-secrets-webhook, cluster-api-azure-controller, mcp-grafana, openbao, loki, fulcio, falcosidekick-fips, flux-notification-controller, plugin-barman-cloud, aws-ebs-csi-driver, op-geth,...

undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter

A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid servermaxwindowbits parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate,...

MAL-2026-2523 Malicious code in @telekom-wfa/auth-core (npm)

Package is malware. Hardcoded Telegram credentials, data exfiltration, and preinstall script execution indicate malicious intent. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a2fe12e5542ae8cf1cf339c13c3480629ccfd6e2fb391427c4f1b17bbdc9f85 The package...

MAL-2026-2518 Malicious code in viewer-assets-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0022cddbfa3afc707bea5e0e70c8bff5b3249847bd891c628a1fd2d0dc9fa259 The package viewer-assets-generator was found to contain malicious code. Source: ghsa-malware...

PT-2026-31679

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml fill of the file metagpt/actions/action node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated...

Malicious code in kraken-trader (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4bf5ec6e8a6020de1e122cf07f2dde0f02fa1a484ff984586db379729da75523 The package is a loader of malicious code disguised as remote "credits" code. The remote location, built from the parts in the code, delivers highly obfuscated...

MAL-2026-2870 Malicious code in black-moon-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c672e4ab8770773551a9ff9b6b95a5740894bd1c689154056f69e5da4fdb879 The package black-moon-js was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-39406

@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the handling of table captions during the rendering process. An attacker can execute arbitrary code with the privileges of the desktop client by syncing a crafted note containing malicious HTML or JavaScript ...

EUVD-2026-19973

SiYuan: Remote Code Execution in the Electron desktop client via stored XSS in synced table captions...