Search Vulnerabilities

Malicious code in rtms-manager (npm)

MAL-2026-2861

Malicious code in vinext-monorepo (npm)

MAL-2026-2857

Malicious code in @shoobx/types (npm)

MAL-2026-2858

Malicious code in @source-row/source-container (npm)

MAL-2026-2856

Malicious code in @ataslkit/profilecard (npm)

MAL-2026-2855

Malicious code in react-resource-router-next (npm)

MAL-2026-2853

Malicious code in react-hook-form (npm)

GHSA-v38x-c887-992f

Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability

GHSA-f934-5rqf-xx47

OpenClaw: QMD memory_get restricts reads to canonical or indexed memory paths

GHSA-mr34-9552-qr95

OpenClaw: Webchat media embedding enforces local-root containment for tool-result files

GHSA-xh72-v6v9-mwhc

OpenClaw: Feishu webhook and card-action validation now fail closed

GHSA-xmxx-7p24-h892

OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation

GHSA-p6x5-p4xf-cc4r

Remote Code Execution (RCE) via String Literal Injection into math-codegen

GHSA-5cwg-9f6j-9jvx

CVE-2026-35603

Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows

GHSA-f7fh-qg34-x2xh

OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets

GHSA-jhpv-5j76-m56h

OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure

GHSA-66r7-m7xm-v49h

OpenClaw: QQBot media tags could read arbitrary local files through reply text

GHSA-2cq5-mf3v-mx44

OpenClaw: busybox and toybox applet execution weakened exec approval binding

GHSA-7jp6-r74r-995q

OpenClaw: Matrix profile config persistence was reachable from operator.write message tools

GHSA-736r-jwj6-4w23

OpenClaw: Sandboxed agents could escape exec routing via host=node override

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

MAL-2026-2862

Malicious code in rtms-manager (npm)

MAL-2026-2861

Malicious code in vinext-monorepo (npm)

MAL-2026-2857

Malicious code in @shoobx/types (npm)

MAL-2026-2858

Malicious code in @source-row/source-container (npm)

MAL-2026-2856

Malicious code in @ataslkit/profilecard (npm)

MAL-2026-2855

Malicious code in react-resource-router-next (npm)

MAL-2026-2853

Malicious code in react-hook-form (npm)

GHSA-v38x-c887-992f

Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability

GHSA-f934-5rqf-xx47

OpenClaw: QMD memory_get restricts reads to canonical or indexed memory paths

GHSA-mr34-9552-qr95

OpenClaw: Webchat media embedding enforces local-root containment for tool-result files

GHSA-xh72-v6v9-mwhc

OpenClaw: Feishu webhook and card-action validation now fail closed

GHSA-xmxx-7p24-h892

OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation

GHSA-p6x5-p4xf-cc4r

Remote Code Execution (RCE) via String Literal Injection into math-codegen

GHSA-5cwg-9f6j-9jvx

CVE-2026-35603

Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows

GHSA-f7fh-qg34-x2xh

OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets

GHSA-jhpv-5j76-m56h

OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure

GHSA-66r7-m7xm-v49h

OpenClaw: QQBot media tags could read arbitrary local files through reply text

GHSA-2cq5-mf3v-mx44

OpenClaw: busybox and toybox applet execution weakened exec approval binding

GHSA-7jp6-r74r-995q

OpenClaw: Matrix profile config persistence was reachable from operator.write message tools

GHSA-736r-jwj6-4w23

OpenClaw: Sandboxed agents could escape exec routing via host=node override