Homepage

Find out if you have vulnerabilities that put you at risk

Test your applications
Toggle filtering controls
Report a new vulnerability
  • M
Insufficiently Protected Credentials
Affects openclaw | Versions >=2026.4.5 <2026.4.20-beta.1
Has fix
npmPublished 26 Apr 2026
  • M
Incomplete List of Disallowed InputsCVE-2026-44114
Affects openclaw | Versions <2026.4.20-beta.1
Has fix
npmPublished 26 Apr 2026
  • M
Insufficient Granularity of Access Control
Affects openclaw | Versions <2026.4.20-beta.1
Has fix
npmPublished 26 Apr 2026
  • C
Malicious Package
Affects modern-events | Versions *
No fix available
npmPublished 25 Apr 2026
  • M
Unsafe Dependency ResolutionCVE-2026-41355
Affects openclaw | Versions <2026.3.28
Has fix
npmPublished 24 Apr 2026
  • L
Origin Validation ErrorCVE-2026-41358
Affects openclaw | Versions <2026.4.2
Has fix
npmPublished 24 Apr 2026
  • M
Incorrect AuthorizationCVE-2026-41909
Affects openclaw | Versions <2026.4.20
Has fix
npmPublished 24 Apr 2026
  • L
Incorrect AuthorizationCVE-2026-41908
Affects openclaw | Versions <2026.4.20
Has fix
npmPublished 24 Apr 2026
  • H
Uncontrolled RecursionCVE-2026-41311
Affects liquidjs | Versions <10.25.6
Has fix
npmPublished 24 Apr 2026
  • C
Incomplete List of Disallowed InputsCVE-2026-41264
Affects flowise-components | Versions <3.1.0
Has fix
npmPublished 24 Apr 2026
  • H
UNIX Symbolic Link (Symlink) FollowingCVE-2026-39861
Affects @anthropic-ai/claude-code | Versions <2.1.64
Has fix
npmPublished 24 Apr 2026
  • M
Use of Web Browser Cache Containing Sensitive InformationCVE-2026-41322
Affects @astrojs/node | Versions <10.0.5
Has fix
npmPublished 24 Apr 2026
  • L
Server-side Request Forgery (SSRF)CVE-2026-41321
Affects @astrojs/cloudflare | Versions <13.1.10
Has fix
npmPublished 24 Apr 2026
  • H
Missing AuthorizationCVE-2026-41679
Affects @paperclipai/ui | Versions <2026.416.0
Has fix
npmPublished 24 Apr 2026
  • H
Missing AuthorizationCVE-2026-41679
Affects @paperclipai/server | Versions <2026.416.0
Has fix
npmPublished 24 Apr 2026
  • C
Malicious Package
Affects sagat-core | Versions *
No fix available
npmPublished 24 Apr 2026
  • C
Malicious Package
Affects auth0-ui-components-docs | Versions *
No fix available
npmPublished 24 Apr 2026
  • C
Malicious Package
Affects wrapped-logger-utils | Versions *
No fix available
npmPublished 24 Apr 2026
  • C
Malicious Package
Affects react-spa-shadcn | Versions *
No fix available
npmPublished 24 Apr 2026
  • C
Malicious Package
Affects next-rwa | Versions *
No fix available
npmPublished 24 Apr 2026
  • C
Malicious Package
Affects react-spa-npm | Versions *
No fix available
npmPublished 24 Apr 2026
  • C
Malicious Package
Affects env_express | Versions *
No fix available
npmPublished 24 Apr 2026
  • C
Malicious Package
Affects chain-promised-await | Versions *
No fix available
npmPublished 24 Apr 2026
  • C
Malicious Package
Affects chai-as-optimized | Versions *
No fix available
npmPublished 24 Apr 2026
  • M
Cross-site Scripting (XSS)CVE-2026-41305
Affects postcss | Versions <8.5.10
Has fix
npmPublished 24 Apr 2026
  • C
Remote Code Execution (RCE)CVE-2026-6951
Affects simple-git | Versions <3.36.0
Has fix
npmPublished 24 Apr 2026
  • C
Embedded Malicious Code
Affects @bitwarden/cli | Versions =2026.4.0
Has fix
npmPublished 23 Apr 2026
  • H
XML InjectionCVE-2026-41675
Affects @xmldom/xmldom | Versions <0.8.13>=0.9.0 <0.9.10
Has fix
npmPublished 23 Apr 2026
  • H
XML InjectionCVE-2026-41675
Affects xmldom | Versions *
No fix available
npmPublished 23 Apr 2026
  • H
XML InjectionCVE-2026-41674
Affects @xmldom/xmldom | Versions <0.8.13>=0.9.0 <0.9.10
Has fix
npmPublished 23 Apr 2026