4 matches found
OpenClaw has a Discord `allowFrom` slug-collision authorization bypass
OpenClaw supports Discord allowlists using either user IDs or names/tags. Name/tag matching depends on slug normalization, so different user tags can collide to the same slug and unintentionally satisfy a name-based allowlist entry. Affected Packages / Versions - Package: openclaw npm - Affected...
Malicious code in cloud-runtime-authorization (npm)
The package cloud-runtime-authorization was found to contain malicious code...
MAL-2025-17169 Malicious code in cloud-runtime-authorization (npm)
The package cloud-runtime-authorization was found to contain malicious code...
CVE-2025-21620
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno's fetch redirect handling creates a follow-up redirect request that keeps the original...