VulnScope — package-centric CVE lookup

Search

3,817 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH7.1CVE-2026-53865OpenClaw: Workspace-derived service PATH could influence trash command selection6/18/2026
HIGH7.1OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots6/18/2026
HIGH8.1OpenClaw: Discord allowFrom could bind to mutable display names6/18/2026
HIGH7.1OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install6/18/2026
HIGH7.1OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns6/18/2026
HIGH8.1OpenClaw: Zalo allowFrom could bind to mutable display names6/18/2026
HIGH8.1OpenClaw: Shell positional parameters could weaken strict inline-eval checks6/18/2026
HIGH7.5undici WebSocket client vulnerable to denial of service via cumulative fragment bypass6/18/2026
HIGH7.5http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`6/18/2026
HIGH8.1piscina: Prototype Pollution Gadget → RCE via inherited options.filename6/18/2026
HIGH7.1OpenClaw: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution6/18/2026
HIGH8.1OpenClaw: Shell inline-command parsing could miss an allowlist check6/18/2026
HIGH8.8OpenClaw: Pairing-scoped device session could restore revoked node token authority6/18/2026
HIGH8.1OpenClaw: Host environment sanitizer missed two Node.js control variables6/18/2026
HIGH7.4undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent6/17/2026
HIGH7.5Multer vulnerable to Denial of Service via deeply nested field names6/17/2026
HIGH7.1OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin6/17/2026
HIGH7.3Pi Agent: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts6/17/2026
LOW2.2Pi Agent: Race condition in Pi auth.json writes could expose stored credentials6/17/2026
LOW2.5Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass6/16/2026
HIGH7.7n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host6/16/2026
HIGH7.6n8n: Stored XSS in Chat Trigger Node6/16/2026
HIGH7.6n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints6/16/2026
HIGH8.5n8n: Microsoft SQL Node Prototype Pollution6/16/2026
HIGH7.6n8n: Same-Origin XSS in Respond to Webhook Node6/16/2026

Page 1 of 153Next →