
58588 matches found

Wolfi
added 2026/03/20 7:48 a.m., 8 views

GHSA-Q382-VC8Q-7JHJ vulnerabilities

Vulnerabilities for packages: ferretdb, glab, osv-scanner, flux-operator, jaeger, opencost, datadog-agent...

AI score: 5.8
Exploits: 0

Wolfi
added 2026/03/20 7:48 a.m., 7 views

CVE-2026-33252 vulnerabilities

Vulnerabilities for packages: ferretdb, glab, osv-scanner, flux-operator, jaeger, opencost, datadog-agent...

CVSS: 7.1 | AI score: 6.3 | EPSS: 0.00178
Exploits: 0

Chainguard
added 2026/03/20 7:17 a.m., 2 views

GHSA-89XV-2J6F-QHC8 vulnerabilities

Vulnerabilities for packages: ferretdb, jaeger-fips, opencost-fips, datadog-agent, datadog-agent-fips, flux-operator-fips, gitlab-workhorse-ce, jaeger, livekit-cli, osv-scanner, opencost, flux-operator, gitlab-workhorse-ce-fips, glab...

AI score: 5.8
Exploits: 0

Chainguard
added 2026/03/20 7:17 a.m., 3 views

GHSA-Q382-VC8Q-7JHJ vulnerabilities

Vulnerabilities for packages: ferretdb, jaeger-fips, opencost-fips, datadog-agent, datadog-agent-fips, flux-operator-fips, gitlab-workhorse-ce, jaeger, livekit-cli, osv-scanner, opencost, flux-operator, gitlab-workhorse-ce-fips, glab...

AI score: 5.8
Exploits: 0

Chainguard
added 2026/03/20 7:17 a.m., 2 views

CVE-2026-33252 vulnerabilities

Vulnerabilities for packages: ferretdb, jaeger-fips, opencost-fips, datadog-agent, datadog-agent-fips, flux-operator-fips, gitlab-workhorse-ce, jaeger, livekit-cli, osv-scanner, opencost, flux-operator, gitlab-workhorse-ce-fips, glab...

CVSS: 7.1 | AI score: 6.3 | EPSS: 0.00178
Exploits: 0

vulnersOsv
added 2026/03/20 12:31 a.m., 5 views

ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-runner (>=0.114.0 <=0.120.0) +1424 more potentially affected by CVE-2026-22735 via org.springframework:spring-webflux (>=6.2.0 <=6.2.16)

org.springframework:spring-webflux MAVEN version =6.2.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 - ai.telosforge:kimaira-util-webclient =1.2.6 and more Source cves: CVE-2026-22735 Source advisory:...

CVSS: 2.6 | AI score: 5.4 | EPSS: 0.00112
Exploits: 0

vulnersOsv
added 2026/03/20 12:31 a.m., 7 views

ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-runner (>=0.114.0 <=0.120.0) +1424 more potentially affected by CVE-2026-22737 via org.springframework:spring-webflux (>=6.2.0 <=6.2.16)

org.springframework:spring-webflux MAVEN version =6.2.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 - ai.telosforge:kimaira-util-webclient =1.2.6 and more Source cves: CVE-2026-22737 Source advisory:...

CVSS: 5.9 | AI score: 5.9 | EPSS: 0.00385
Exploits: 0

NVD
added 2026/03/19 10:16 p.m., 4 views

CVE-2026-32025

OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployments. An attacker can trick a user into opening a malicious webpage and perform password brute-forc...

CVSS: 7.5 | EPSS: 0.00294
Exploits: 0 | References: 3

OSV
added 2026/03/19 10:16 p.m., 3 views

CVE-2026-32025

OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployments. An attacker can trick a user into opening a malicious webpage and perform password brute-forc...

CVSS: 7.5 | AI score: 5.9
Exploits: 0 | References: 3

CVE
added 2026/03/19 10:7 p.m., 4 views

CVE-2026-32025

OpenClaw versions prior to 2026.2.25 expose an authentication hardening gap in browser-origin WebSocket clients that bypasses origin checks and auth throttling on loopback deployments. An attacker enticed to visit a malicious page can perform password brute-force against the gateway to establish ...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00294
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2026/03/19 10:7 p.m., 7 views

EUVD-2026-13298

OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployments. An attacker can trick a user into opening a malicious webpage and perform password brute-forc...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00294
Exploits: 0 | References: 3

Wolfi
added 2026/03/19 1:48 p.m., 8 views

GHSA-P77J-4MVH-X3M3 vulnerabilities

Vulnerabilities for packages: kubevela, sftpgo-plugin-eventsearch, prometheus-alertmanager, metallb, cloud-provider-vsphere, xeol, aws-efs-csi-driver, gitlab-pages, multus-cni, mc, terraform-provider-sendgrid, certificate-transparency, k8ssandra-operator, tflint, podinfo,...

AI score: 5.8
Exploits: 0

Wolfi
added 2026/03/19 1:48 p.m., 7 views

CVE-2026-33186 vulnerabilities

Vulnerabilities for packages: kubevela, sftpgo-plugin-eventsearch, prometheus-alertmanager, metallb, cloud-provider-vsphere, xeol, aws-efs-csi-driver, gitlab-pages, multus-cni, mc, terraform-provider-sendgrid, certificate-transparency, k8ssandra-operator, tflint, podinfo,...

CVSS: 9.1 | AI score: 6.6 | EPSS: 0.00522
Exploits: 1

EUVD
added 2026/03/19 3:30 a.m., 4 views

EUVD-2026-13016

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...

CVSS: 6.7 | AI score: 6.1 | EPSS: 0.0013
Exploits: 0 | References: 4

GitHub Security Blog
added 2026/03/19 3:30 a.m., 6 views

Duplicate Advisory: OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5f9p-f3w2-fwch. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00291
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2026/03/19 3:30 a.m., 4 views

GHSA-G87J-GM7P-6VW2 Duplicate Advisory: OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h3rm-6x7g-882f. This link is maintained to preserve external references. Original Description OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting...

CVSS: 6.7 | AI score: 6 | EPSS: 0.0013
Exploits: 0 | References: 4

OSV
added 2026/03/19 2:16 a.m., 2 views

CVE-2026-31993

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

CVSS: 6.4 | AI score: 6.1
Exploits: 0 | References: 4

CVE
added 2026/03/19 1:0 a.m., 8 views

CVE-2026-31993

CVE-2026-31993 affects the OpenClaw macOS companion app, with versions prior to 2026.2.22. The issue is an allowlist parsing mismatch in system.run shell chains that allows authenticated operators to bypass exec approval checks, enabling arbitrary command execution on the paired host when paired w...

CVSS: 6.4 | AI score: 6.1 | EPSS: 0.00291
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2026/03/19 1:0 a.m., 11 views

CVE-2026-29608

OpenClaw 2026.3.1 contains an approval-integrity vulnerability in the system.run node-host path where argv rewriting changes the executed command. The issue allows an attacker to place a local script in the approved working directory and have it run instead of the text shown to the operator, desp...

CVSS: 6.7 | AI score: 6.1 | EPSS: 0.0013
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2026/03/18 12:0 a.m., 4 views

OpenClaw parameter injection vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a command execution vulnerability that can be exploited by an attacker to cause an authenticated operator to execute arbitrary parameters...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00406
Exploits: 0 | References: 3