VulnScope — package-centric CVE lookup

Search

62,822 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH7.1CVE-2026-53853OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns6/18/2026
MEDIUM4.2OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers6/18/2026
MEDIUM6.5OpenClaw: memory-wiki shared search could miss session visibility checks6/18/2026
MEDIUM5.5OpenClaw: Config recovery could restore openclaw.json with broad file permissions6/18/2026
HIGH8.1OpenClaw: Zalo allowFrom could bind to mutable display names6/18/2026
MEDIUM4.3OpenClaw: Skill-command dispatch could skip before-tool-call hooks6/18/2026
—OpenClaw: Active Memory write scope could mutate global config6/18/2026
MEDIUM6.1OpenClaw: Exported session HTML could keep unsafe markdown links6/18/2026
MEDIUM5.3OpenClaw: Slack reaction events could ignore reaction notification settings6/18/2026
MEDIUM4.2OpenClaw: Bootstrap token replay could widen pending pairing scopes6/18/2026
HIGH8.1OpenClaw: Shell positional parameters could weaken strict inline-eval checks6/18/2026
MEDIUM6.5OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently6/18/2026
MEDIUM4.3OpenClaw: Exec allowlist could miss side effects from transparent command wrappers6/18/2026
—Armeria: External Control of File Name or Path in xDS SDS DataSource6/18/2026
MEDIUM6.5NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)6/18/2026
—PGHoard: Password written to debug log6/18/2026
HIGH7.5Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID6/18/2026
—Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP6/18/2026
LOW2.2BBOT: Symlink-Following Arbitrary Write via github_workflows Module6/18/2026
MEDIUM6.5BBOT: Arbitrary File Write in postman_download Module6/18/2026
LOW3.1BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing6/18/2026
MEDIUM5.3BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-102846/18/2026
MEDIUM6.6OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags6/18/2026
HIGH7.5undici WebSocket client vulnerable to denial of service via cumulative fragment bypass6/18/2026
CRITICAL9.8python-statemachine SCXML <data expr> Eval Injection6/18/2026

← PrevPage 2 of 2513Next →