npm
4,193 tracked vulnerabilities.
CVE-2026-32024
MEDIUM
OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling
Mar 19, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-32023
HIGH
OpenClaw < 2026.2.24 - Approval Gating Bypass via Dispatch-Wrapper Depth-Cap Mismatch in system.run
Mar 19, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-32022
MEDIUM
OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32021
MEDIUM
OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32020
LOW
OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler
Mar 19, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-32019
HIGH
OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard
Mar 19, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-32018
LOW
OpenClaw < 2026.2.19 - Race Condition in Sandbox Registry Write Operations
Mar 19, 2026
CVSS 3.6
EPSS 0.00
CVE-2026-32017
HIGH
OpenClaw < 2026.2.19 - Arbitrary File Write via Short-Option Bypass in exec Allowlist
Mar 19, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-32016
HIGH
OpenClaw < 2026.2.22 - Path Traversal via Basename-Only Allowlist Matching on macOS
Mar 19, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-32015
HIGH
OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation
Mar 19, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-32014
HIGH
OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields
Mar 19, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-32013
HIGH
OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods
Mar 19, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-32011
HIGH
OpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body Parsing
Mar 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32010
MEDIUM
OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter
Mar 19, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-32009
MEDIUM
OpenClaw < 2026.2.24 - Binary Hijacking via Static Default Trusted Directories in safeBins
Mar 19, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-32008
MEDIUM
OpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation Guard
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32007
MEDIUM
OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass
Mar 19, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-32006
LOW
OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Fallback in Group Allowlist
Mar 19, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-32005
MEDIUM
OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip
Mar 19, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-32004
MEDIUM
OpenClaw < 2026.3.2 - Authentication Bypass via Encoded Path in /api/channels Route
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32003
MEDIUM
OpenClaw < 2026.2.22 - Remote Code Execution via SHELLOPTS/PS4 Environment Injection in system.run
Mar 19, 2026
CVSS 6.6
EPSS 0.01
CVE-2026-32002
MEDIUM
OpenClaw < 2026.2.23 - Sandbox Boundary Bypass via Image Tool workspaceOnly Bypass
Mar 19, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-32001
MEDIUM
OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication
Mar 19, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-32000
HIGH
OpenClaw < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Tool Execution
Mar 19, 2026
CVSS 7.1
EPSS 0.01
CVE-2026-31999
MEDIUM
OpenClaw 2026.2.26 < 2026.3.1 - Current Working Directory Injection via Windows Wrapper Resolution Fallback
Mar 19, 2026
CVSS 6.3
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 20
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
dompurify 12
Quick Filters