Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / npm

npm

3,968 tracked vulnerabilities.

CVE-2026-4603 MEDIUM

jsrsasign <11.1.1 - Division by Zero

CVE-2026-4602 HIGH

jsrsasign <11.1.1 - Incorrect Conversion

CVE-2026-4601 HIGH

jsrsasign <11.1.1 - Missing Cryptographic Step

CVE-2026-4600 HIGH

jsrsasign <11.1.1 - Improper Verification of Cryptographic Signature

CVE-2026-4599 CRITICAL

jsrsasign <11.1.1 - Incomplete Comparison

CVE-2026-4598 HIGH

jsrsasign < 11.1.1 - Denial of Service via Infinite Loop in bnModInverse

CVE-2026-32899 MEDIUM

OpenClaw < 2026.2.25 - Sender Policy Bypass in Slack Reaction and Pin Event Handlers

CVE-2026-32898 MEDIUM

OpenClaw < 2026.2.23 - ACP Permission Auto-Approval Bypass via Untrusted Tool Metadata

CVE-2026-32897 LOW

OpenClaw < 2026.2.22 - Authentication Token Reuse in Owner ID Prompt Hashing Fallback

CVE-2026-32896 MEDIUM

OpenClaw < 2026.2.21 - Unauthenticated Webhook Access via Passwordless Fallback in BlueBubbles Plugin

CVE-2026-32895 MEDIUM

OpenClaw < 2026.2.26 - Sender Authorization Bypass in Slack System Event Handlers

CVE-2026-32067 LOW

OpenClaw < 2026.2.26 - Cross-Account Authorization Bypass in DM Pairing Store

CVE-2026-32065 MEDIUM

OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution

CVE-2026-32064 HIGH

OpenClaw < 2026.2.21 - Missing VNC Authentication in Sandbox Browser noVNC Observer

CVE-2026-32058 LOW

OpenClaw < 2026.2.26 - Approval Context-Binding Weakness in system.run via host=node

CVE-2026-32057 HIGH

OpenClaw < 2026.2.25 - Authentication Bypass via Control UI client.id Parameter

CVE-2026-32056 HIGH

OpenClaw < 2026.2.22 - Remote Code Execution via Shell Startup Environment Variable Injection in system.run

CVE-2026-32055 HIGH

OpenClaw < 2026.2.26 - Workspace Path Boundary Bypass via Non-existent Symlink

CVE-2026-32054 MEDIUM

OpenClaw < 2026.2.25 - Symlink Traversal in Browser Trace/Download Path Handling

CVE-2026-32053 MEDIUM

OpenClaw < 2026.2.23 - Twilio Webhook Replay Bypass via Randomized Event ID Normalization

CVE-2026-32052 MEDIUM

OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers

CVE-2026-32050 LOW

OpenClaw < 2026.2.25 - Unauthorized Reaction Status Event Enqueue via Access Check Bypass

CVE-2026-32049 HIGH

OpenClaw < 2026.2.22 - Denial of Service via Inbound Media Download Byte Limit Bypass

CVE-2026-32048 HIGH

OpenClaw < 2026.3.1 - Sandbox Escape via Cross-Agent sessions_spawn

CVE-2026-32046 MEDIUM

OpenClaw < 2026.2.21 - OS-level Sandbox Bypass via --no-sandbox Flag

Previous Page 24 of 159 Next

Products

openclaw 393 parse-server 92 n8n 62 directus 53 electron 48 flowise 48 next 47 vm2 32 hono 25 nocodb 25 axios 24 undici 22 ghost 21 vite 19 astro 17 ckeditor4 15 fuxa-server 15 jspdf 15 tar 15 joplin 14 nodebb 14 sequelize 14 tinymce 14 flowise-components 13 signalk-server 13 angular 12 dompurify 12 handlebars 12 jsrsasign 12 matrix-js-sdk 12

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy