npm
4,193 tracked vulnerabilities.
CVE-2026-2739
MEDIUM
bn.js <5.2.3 - DoS
Feb 20, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-26996
HIGH
minimatch < 10.2.1 - Regular Expression Denial of Service via Glob Pattern with Consecutive Wildcards
Feb 20, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-26980
CRITICAL
NUCLEI
Ghost 3.24.0-6.19.0 - Info Disclosure
Feb 20, 2026
CVSS 9.4
EPSS 0.70
CVE-2026-26960
HIGH
tar < 7.5.8 - Arbitrary File Read and Write via Hardlink Extraction
Feb 20, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-27009
MEDIUM
OpenClaw < 2026.2.15 - Stored Cross-Site Scripting via Assistant Identity Rendering
Feb 20, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-27008
MEDIUM
OpenClaw <2026.2.15 - Path Traversal
Feb 20, 2026
CVSS 6.7
EPSS 0.00
CVE-2026-27007
LOW
OpenClaw <2026.2.15 - Privilege Escalation
Feb 20, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-27004
MEDIUM
OpenClaw <2026.2.15 - Privilege Escalation
Feb 20, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-27003
MEDIUM
OpenClaw <2026.2.15 - Info Disclosure
Feb 20, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-27002
CRITICAL
OpenClaw <2026.2.15 - Privilege Escalation
Feb 20, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-27001
HIGH
OpenClaw <2026.2.15 - Command Injection
Feb 20, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-26972
MEDIUM
OpenClaw 2026.1.12-2026.2.12 - Path Traversal
Feb 20, 2026
CVSS 6.7
EPSS 0.00
CVE-2026-26329
MEDIUM
OpenClaw <2026.2.14 - Path Traversal
Feb 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26328
MEDIUM
OpenClaw <2026.2.14 - Privilege Escalation
Feb 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26327
MEDIUM
OpenClaw < 2026.2.14 - Unauthenticated TLS Certificate Pinning Bypass via Discovery Beacon TXT Records
Feb 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26326
MEDIUM
OpenClaw <2026.2.14 - Info Disclosure
Feb 19, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-26325
HIGH
OpenClaw <2026.2.14 - Command Injection
Feb 19, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-26324
HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via IPv6 Literal Bypass
Feb 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26323
HIGH
OpenClaw 2026.1.8-2026.2.13 - Command Injection
Feb 19, 2026
CVSS 8.8
EPSS 0.02
CVE-2026-26322
HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via Gateway Tool URL Override
Feb 19, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-26321
HIGH
OpenClaw <2026.2.14 - Path Traversal
Feb 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26320
MEDIUM
OpenClaw macOS 2026.2.6-2026.2.13 - Command Injection
Feb 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26319
HIGH
OpenClaw < 2026.2.14 - Unauthenticated Webhook Spoofing via Missing Telnyx Signature Verification
Feb 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26317
HIGH
OpenClaw < 2026.2.14 - Cross-Site Request Forgery via Unvalidated Origin/Referer
Feb 19, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-26316
HIGH
OpenClaw < 2026.2.13 - Incorrect Authorization via BlueBubbles Webhook Loopback Bypass
Feb 19, 2026
CVSS 7.5
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 20
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
dompurify 12
Quick Filters