npm
3,968 tracked vulnerabilities.
CVE-2026-29074
HIGH
SVGO 2.1.0-2.8.0/3.0.0-3.3.2/4.0.0 - DoS
Mar 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-29613
MEDIUM
OpenClaw < 2026.2.12 - Unauthenticated Webhook Authentication Bypass via Loopback RemoteAddress Trust
Mar 05, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-29612
MEDIUM
OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding
Mar 05, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-29610
HIGH
OpenClaw <2026.2.14 - Command Injection
Mar 05, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-29606
MEDIUM
OpenClaw < 2026.2.14 - Unauthenticated Webhook Signature Verification Bypass via Ngrok Loopback Compatibility
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28486
MEDIUM
OpenClaw 2026.1.16-2 - Path Traversal
Mar 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-28482
HIGH
OpenClaw <2026.2.12 - Path Traversal
Mar 05, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-28481
MEDIUM
OpenClaw <2026.1.30 - Info Disclosure
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28480
MEDIUM
OpenClaw < 2026.2.14 - Authentication Bypass via Telegram Username Spoofing
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28479
HIGH
OpenClaw <2026.2.15 - Cache Poisoning
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28477
HIGH
OpenClaw < 2026.2.14 - Cross-Site Request Forgery via OAuth State Validation Bypass
Mar 05, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-28476
HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via Tlon Urbit Extension Authentication
Mar 05, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-28475
MEDIUM
OpenClaw <2026.2.13 - Info Disclosure
Mar 05, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-28473
HIGH
OpenClaw < 2026.2.2 - Authorization Bypass via /approve Chat Command
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28472
HIGH
OpenClaw < 2026.2.2 - Unauthenticated Device Identity Check Bypass via Gateway WebSocket Connect Handshake
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28471
MEDIUM
OpenClaw 2026.1.14-1-2026.2.2 - Improper Authentication via Display Name and Localpart Matching
Mar 05, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-28470
CRITICAL
OpenClaw <2026.2.2 - Command Injection
Mar 05, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-28469
HIGH
OpenClaw < 2026.2.14 - Authorization Bypass via Google Chat Webhook Path Ambiguity
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28467
MEDIUM
OpenClaw < 2026.2.2 - Server-Side Request Forgery via Attachment and Media URL Hydration
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28466
CRITICAL
OpenClaw <2026.2.14 - Command Injection
Mar 05, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-28464
MEDIUM
OpenClaw <2026.2.12 - Info Disclosure
Mar 05, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-28463
HIGH
OpenClaw < 2026.2.14 - Arbitrary File Read via Shell Expansion in Exec-Approval Allowlist
Mar 05, 2026
CVSS 8.4
EPSS 0.00
CVE-2026-28462
HIGH
OpenClaw <2026.2.13 - Path Traversal
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28459
HIGH
OpenClaw <2026.2.12 - Path Traversal
Mar 05, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-28458
HIGH
OpenClaw <2026.2.1 - Info Disclosure
Mar 05, 2026
CVSS 8.1
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12