Vulnerabilities

Recent vulnerabilities

Recent vulnerabilities from
Select from 78 available sources using the dropdown above.

GitHub 🐙

Recent vulnerabilities · 346630 entries
ID Severity Description Published Updated
ghsa-rw46-qg69-vg6h
5.3 (4.0)
Kimai: ExportTemplate CRUD Missing Authorization Check Allows Unauthorized TEAMLEAD Access 2026-07-14T00:34:03Z 2026-07-14T00:34:03Z
ghsa-v8hx-4vx8-wc96
7.1 (4.0)
Kimai: Pre-2FA KIMAI_SESSION cookie grants full authenticated REST API access, bypassing TOTP 2026-07-14T00:33:39Z 2026-07-14T00:33:39Z
ghsa-crh7-2j46-hqrj
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long cert… 2026-07-14T00:31:05Z 2026-07-14T00:31:05Z
ghsa-cfx5-q5qm-x936
8.8 (3.1)
8.7 (4.0)
Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API (/system/buckets… 2026-07-14T00:31:05Z 2026-07-14T00:31:05Z
ghsa-9fwc-2x22-7m65
6.3 (3.1)
2.1 (4.0)
A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the fu… 2026-07-14T00:31:05Z 2026-07-14T00:31:05Z
ghsa-8wqq-45fp-2xmp
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer derefe… 2026-07-14T00:31:05Z 2026-07-14T00:31:05Z
ghsa-5293-6wqf-75gr
6.3 (3.1)
2.1 (4.0)
A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the functio… 2026-07-14T00:31:05Z 2026-07-14T00:31:05Z
ghsa-xjwv-xjj9-gqqc
7.5 (3.1)
8.7 (4.0)
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that… 2026-07-14T00:31:04Z 2026-07-14T00:31:04Z
ghsa-w9r7-4gwr-j959
6.6 (3.1)
5.3 (4.0)
FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerabilit… 2026-07-14T00:31:04Z 2026-07-14T00:31:04Z
ghsa-rqg5-28vh-5645
8.8 (3.1)
8.7 (4.0)
OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin … 2026-07-14T00:31:04Z 2026-07-14T00:31:04Z
ghsa-q932-85w6-fmxr
8.3 (3.1)
8.7 (4.0)
OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where Wha… 2026-07-14T00:31:04Z 2026-07-14T00:31:04Z
ghsa-mr4r-hcgx-8p4h
7.4 (3.1)
8.3 (4.0)
CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validate_url funct… 2026-07-14T00:31:04Z 2026-07-14T00:31:04Z
ghsa-m7mf-xqv5-gg8f
4.3 (3.1)
2.1 (4.0)
A vulnerability was detected in tanstack db up to 0.6.8. Affected by this vulnerability is the func… 2026-07-14T00:31:04Z 2026-07-14T00:31:05Z
ghsa-jw7v-5mp7-ghgm
8.5 (3.1)
6.3 (4.0)
OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accep… 2026-07-14T00:31:04Z 2026-07-14T00:31:04Z
ghsa-jfxm-h5m6-27f9
4.3 (3.1)
5.3 (4.0)
OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native… 2026-07-14T00:31:04Z 2026-07-14T00:31:04Z
ghsa-j4h2-3wwr-928r
8.6 (3.1)
7.7 (4.0)
Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that all… 2026-07-14T00:31:04Z 2026-07-14T00:31:04Z
ghsa-hq6h-q7pr-4qqv
3.1 (3.1)
2.3 (4.0)
A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactM… 2026-07-14T00:31:04Z 2026-07-14T00:31:04Z
ghsa-h7rf-pv8c-84mg
8.8 (3.1)
8.7 (4.0)
OpenClaw versions before 2026.6.1 contain a flaw in host exec environment filtering that could allo… 2026-07-14T00:31:04Z 2026-07-14T00:31:04Z
ghsa-fjpv-pfvg-c462
8.8 (3.1)
8.7 (4.0)
Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API (/system/… 2026-07-14T00:31:04Z 2026-07-14T00:31:04Z
ghsa-7gvh-h32g-9cfw
9.1 (3.1)
9.3 (4.0)
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that… 2026-07-14T00:31:04Z 2026-07-14T00:31:04Z
ghsa-68pw-c734-2rr2
8.8 (3.1)
8.7 (4.0)
OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss i… 2026-07-14T00:31:04Z 2026-07-14T00:31:04Z
ghsa-5pr8-xjq5-2wrc
8.3 (3.1)
8.7 (4.0)
OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MC… 2026-07-14T00:31:04Z 2026-07-14T00:31:04Z
ghsa-wg67-843q-9p4v
7.1 (3.1)
7.1 (4.0)
OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message… 2026-07-14T00:31:03Z 2026-07-14T00:31:03Z
ghsa-wfxc-2q5g-mm98
4.9 (3.1)
6.9 (4.0)
OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers t… 2026-07-14T00:31:03Z 2026-07-14T00:31:03Z
ghsa-w4jg-w96x-q3wh
7.5 (3.1)
8.7 (4.0)
PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpo… 2026-07-14T00:31:03Z 2026-07-14T00:31:03Z
ghsa-vgjq-7pq9-cvwp
7.1 (3.1)
7.6 (4.0)
OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feat… 2026-07-14T00:31:03Z 2026-07-14T00:31:03Z
ghsa-qhh8-mfpm-5j6c
7.6 (3.1)
7.2 (4.0)
OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatibl… 2026-07-14T00:31:03Z 2026-07-14T00:31:03Z
ghsa-mm88-h44m-w2gp
8.1 (3.1)
8.6 (4.0)
OpenClaw Feishu tools (npm package @openclaw/feishu) in versions <= 2026.6.6 could ignore per-accou… 2026-07-14T00:31:03Z 2026-07-14T00:31:03Z
ghsa-j48q-3j3c-39fr
8.1 (3.1)
7.2 (4.0)
OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord… 2026-07-14T00:31:03Z 2026-07-14T00:31:03Z
ghsa-gqfx-xr3c-xq42
8.1 (3.1)
8.6 (4.0)
OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerab… 2026-07-14T00:31:03Z 2026-07-14T00:31:03Z