npm
4,193 tracked vulnerabilities.
CVE-2026-28482
HIGH
OpenClaw <2026.2.12 - Path Traversal
Mar 05, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-28481
MEDIUM
OpenClaw <2026.1.30 - Info Disclosure
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28480
MEDIUM
OpenClaw < 2026.2.14 - Authentication Bypass via Telegram Username Spoofing
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28479
HIGH
OpenClaw <2026.2.15 - Cache Poisoning
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28477
HIGH
OpenClaw < 2026.2.14 - Cross-Site Request Forgery via OAuth State Validation Bypass
Mar 05, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-28476
HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via Tlon Urbit Extension Authentication
Mar 05, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-28475
MEDIUM
OpenClaw <2026.2.13 - Info Disclosure
Mar 05, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-28473
HIGH
OpenClaw < 2026.2.2 - Authorization Bypass via /approve Chat Command
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28472
HIGH
OpenClaw < 2026.2.2 - Unauthenticated Device Identity Check Bypass via Gateway WebSocket Connect Handshake
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28471
MEDIUM
OpenClaw 2026.1.14-1-2026.2.2 - Improper Authentication via Display Name and Localpart Matching
Mar 05, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-28470
CRITICAL
OpenClaw <2026.2.2 - Command Injection
Mar 05, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-28469
HIGH
OpenClaw < 2026.2.14 - Authorization Bypass via Google Chat Webhook Path Ambiguity
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28467
MEDIUM
OpenClaw < 2026.2.2 - Server-Side Request Forgery via Attachment and Media URL Hydration
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28466
CRITICAL
OpenClaw <2026.2.14 - Command Injection
Mar 05, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-28464
MEDIUM
OpenClaw <2026.2.12 - Info Disclosure
Mar 05, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-28463
HIGH
OpenClaw < 2026.2.14 - Arbitrary File Read via Shell Expansion in Exec-Approval Allowlist
Mar 05, 2026
CVSS 8.4
EPSS 0.00
CVE-2026-28462
HIGH
OpenClaw <2026.2.13 - Path Traversal
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28459
HIGH
OpenClaw <2026.2.12 - Path Traversal
Mar 05, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-28458
HIGH
OpenClaw <2026.2.1 - Info Disclosure
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28457
MEDIUM
OpenClaw <2026.2.14 - Path Traversal
Mar 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-28456
HIGH
OpenClaw 2026.1.5-2026.2.14 - Code Injection
Mar 05, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-28454
HIGH
OpenClaw < 2026.2.2 - Unauthenticated Privileged Command Execution via Telegram Webhook Spoofing
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28453
HIGH
OpenClaw <2026.2.14 - Path Traversal
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28452
MEDIUM
OpenClaw < 2026.2.14 - Denial of Service via Unguarded Archive Extraction
Mar 05, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-28451
HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via Feishu Extension Media Fetching
Mar 05, 2026
CVSS 8.3
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 20
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
dompurify 12
Quick Filters