npm
3,968 tracked vulnerabilities.
CVE-2026-32030
HIGH
OpenClaw < 2026.2.19 - Sensitive File Disclosure via stageSandboxMedia Path Traversal
Mar 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32029
MEDIUM
OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing
Mar 19, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-32028
MEDIUM
OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress
Mar 19, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-32027
MEDIUM
OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance in Group Allowlist
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32026
MEDIUM
OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32025
HIGH
OpenClaw < 2026.2.25 - Password Brute-Force via Browser-Origin WebSocket Authentication Bypass
Mar 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32024
MEDIUM
OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling
Mar 19, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-32023
HIGH
OpenClaw < 2026.2.24 - Approval Gating Bypass via Dispatch-Wrapper Depth-Cap Mismatch in system.run
Mar 19, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-32022
MEDIUM
OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32021
MEDIUM
OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32020
LOW
OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler
Mar 19, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-32019
HIGH
OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard
Mar 19, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-32018
LOW
OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations
Mar 19, 2026
CVSS 3.6
EPSS 0.00
CVE-2026-32017
HIGH
OpenClaw < 2026.2.19 - Arbitrary File Write via Short-Option Bypass in exec Allowlist
Mar 19, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-32016
HIGH
OpenClaw < 2026.2.22 - Path Traversal via Basename-Only Allowlist Matching on macOS
Mar 19, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-32015
HIGH
OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation
Mar 19, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-32014
HIGH
OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields
Mar 19, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-32013
HIGH
OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods
Mar 19, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-32011
HIGH
OpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body Parsing
Mar 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32010
MEDIUM
OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter
Mar 19, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-32009
MEDIUM
OpenClaw < 2026.2.24 - Binary Hijacking via Static Default Trusted Directories in safeBins
Mar 19, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-32008
MEDIUM
OpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation Guard
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32007
MEDIUM
OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass
Mar 19, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-32006
LOW
OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Fallback in Group Allowlist
Mar 19, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-32005
MEDIUM
OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip
Mar 19, 2026
CVSS 6.8
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12