Publish Advisories

GHSA-2ww6-868g-2c56
GHSA-4wr4-f2qf-x5wj
GHSA-5gg9-5g7w-hm73
GHSA-6gx3-4362-rf54
GHSA-95cq-p4w2-32w5
GHSA-9f3r-2vgw-m8xp
GHSA-ffx7-75gc-jg7c
GHSA-g375-5wmp-xr78
GHSA-h8gr-qwr6-m9gx
GHSA-q6qf-4p5j-r25g
GHSA-qr46-rcv3-4hq3
GHSA-rjhh-m223-9qqv
GHSA-vpj2-69hf-rppw
GHSA-w76h-8m22-hpgh
GHSA-wwg8-6ffr-h4q2
GHSA-x2ff-j5c2-ggpr
GHSA-xp2m-98x8-rpj6

Author: advisory-database[bot]

advisories/github-reviewed/2026/03/GHSA-2ww6-868g-2c56/GHSA-2ww6-868g-2c56.json

@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2ww6-868g-2c56",
-  "modified": "2026-03-19T22:30:09Z",
+  "modified": "2026-03-20T21:14:26Z",
   "published": "2026-03-03T18:30:39Z",
   "aliases": [
     "CVE-2026-32040"
   ],
   "summary": "OpenClaw Vulnerable to HTML injection via unvalidated image MIME type in data-URL interpolation",
   "details": "## Summary\n\nThe HTML session exporter (`src/auto-reply/reply/export-html/template.js`) interpolates `img.mimeType` directly into `<img src=\"data:...\">` attributes without validation or escaping. A crafted `mimeType` value (e.g., `x\" onerror=\"alert(1)`) can break out of the attribute context and execute arbitrary JavaScript.\n\n## Impact\n\nAn attacker who can control image entries in session data (via crafted tool results or session manipulation) can achieve XSS when the exported HTML is opened. The precondition is tighter than the main XSS finding (requires image content blocks with a malicious mimeType), but exploitation is straightforward.\n\n## Affected components\n\n- `src/auto-reply/reply/export-html/template.js` — line 1032 (tool result images), line 1306 (user message images)\n\n## Reproduction\n\n1. Craft a session entry with an image content block where `mimeType` is set to `image/png\" onerror=\"alert(document.domain)`\n2. Export the session to HTML\n3. Open the exported HTML — the injected `onerror` fires\n\n## Remediation\n\n- Added `sanitizeImageMimeType()` helper that validates mimeType against a whitelist of known image MIME types\n- Falls back to `application/octet-stream` for unrecognized values, preventing attribute breakout\n\n## Fix\n\nhttps://github.com/openclaw/openclaw/pull/24140",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
@@ -40,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2ww6-868g-2c56"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32040"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/pull/24140"
@@ -51,6 +59,10 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-html-injection-via-unvalidated-image-mime-type-in-data-url-interpolation"
     }
   ],
   "database_specific": {
@@ -60,6 +72,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-03T18:30:39Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-19T22:16:40Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-4wr4-f2qf-x5wj/GHSA-4wr4-f2qf-x5wj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4wr4-f2qf-x5wj",
-  "modified": "2026-03-16T21:18:39Z",
+  "modified": "2026-03-20T21:15:47Z",
   "published": "2026-03-16T21:18:39Z",
   "aliases": [
     "CVE-2026-32757"
@@ -43,9 +43,17 @@
       "type": "WEB",
       "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-4wr4-f2qf-x5wj"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32757"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/Admidio/admidio"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Admidio/admidio/releases/tag/v5.0.7"
     }
   ],
   "database_specific": {
@@ -55,6 +63,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-16T21:18:39Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T00:16:16Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-5gg9-5g7w-hm73/GHSA-5gg9-5g7w-hm73.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5gg9-5g7w-hm73",
-  "modified": "2026-03-18T21:42:55Z",
+  "modified": "2026-03-20T21:15:12Z",
   "published": "2026-03-16T20:44:20Z",
   "aliases": [
     "CVE-2026-32760"
@@ -43,9 +43,21 @@
       "type": "WEB",
       "url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-5gg9-5g7w-hm73"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32760"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/filebrowser/filebrowser/commit/a63573b67eb302167b4c4f218361a2d0c138deab"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/filebrowser/filebrowser"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/filebrowser/filebrowser/releases/tag/v2.62.0"
     }
   ],
   "database_specific": {
@@ -56,6 +68,6 @@
     "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-16T20:44:20Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T00:16:17Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-6gx3-4362-rf54/GHSA-6gx3-4362-rf54.json

@@ -1,14 +1,19 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6gx3-4362-rf54",
-  "modified": "2026-03-17T19:49:35Z",
+  "modified": "2026-03-20T21:16:03Z",
   "published": "2026-03-17T19:49:35Z",
   "aliases": [
     "CVE-2026-32766"
   ],
   "summary": "astral-tokio-tar insufficiently validates PAX extensions during extraction",
   "details": "## Impact\n\nIn versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping (rather than rejection) of invalid PAX extensions could be used as a building block for a parser differential, for example by having astral-tokio-tar silently skip a malformed GNU “long link” extension so that a subsequent parser would misinterpret the extension.\n\nIn practice, exploiting this behavior in astral-tokio-tar requires a secondary misbehaving tar parser, i.e. one that insufficiently validates malformed PAX extensions and interprets them rather than skipping or erroring on them. Consequently this advisory is considered low-severity within astral-tokio-tar itself, as it requires a separate vulnerability against any unrelated tar parser.\n\n## Patches\n\nVersions 0.6.0 and newer of astral-tokio-tar reject invalid PAX extensions, rather than silently skipping them. \n\n## Workarounds\n\nUsers are advised to upgrade to version 0.6.0 or newer to address this advisory.\n\nMost users should experience no breaking changes as a result of the patch above. Some users who attempt to extract poorly constructed tar files may experience errors; users should re-construct their tar files with a conforming tar parser.\n\n## Attribution\n\n- Sergei Zimmerman (@xokdvium)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
   "affected": [
     {
       "package": {
@@ -38,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/astral-sh/tokio-tar/security/advisories/GHSA-6gx3-4362-rf54"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32766"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/astral-sh/tokio-tar/commit/e5e0139cae4577eeedf5fc16b65e690bf988ce52"
@@ -54,6 +63,6 @@
     "severity": "LOW",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-17T19:49:35Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T00:16:18Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-95cq-p4w2-32w5/GHSA-95cq-p4w2-32w5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-95cq-p4w2-32w5",
-  "modified": "2026-03-16T21:16:50Z",
+  "modified": "2026-03-20T21:15:25Z",
   "published": "2026-03-16T21:16:50Z",
   "aliases": [
     "CVE-2026-32756"
@@ -43,9 +43,17 @@
       "type": "WEB",
       "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-95cq-p4w2-32w5"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32756"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/Admidio/admidio"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Admidio/admidio/releases/tag/v5.0.7"
     }
   ],
   "database_specific": {
@@ -55,6 +63,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-16T21:16:50Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T00:16:16Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-9f3r-2vgw-m8xp/GHSA-9f3r-2vgw-m8xp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9f3r-2vgw-m8xp",
-  "modified": "2026-03-16T20:45:12Z",
+  "modified": "2026-03-20T21:15:19Z",
   "published": "2026-03-16T20:45:12Z",
   "aliases": [
     "CVE-2026-32758"
@@ -43,9 +43,21 @@
       "type": "WEB",
       "url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-9f3r-2vgw-m8xp"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32758"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/filebrowser/filebrowser/commit/4bd7d69c82163b201a987e99c0c50d7ecc6ee5f1"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/filebrowser/filebrowser"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/filebrowser/filebrowser/releases/tag/v2.62.0"
     }
   ],
   "database_specific": {
@@ -56,6 +68,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-16T20:45:12Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T00:16:17Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-ffx7-75gc-jg7c/GHSA-ffx7-75gc-jg7c.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-ffx7-75gc-jg7c",
-  "modified": "2026-03-16T20:43:29Z",
+  "modified": "2026-03-20T21:15:05Z",
   "published": "2026-03-16T20:43:29Z",
   "aliases": [
     "CVE-2026-32759"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-ffx7-75gc-jg7c"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32759"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/filebrowser/filebrowser/issues/5199"
@@ -56,6 +60,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-16T20:43:29Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T00:16:17Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-g375-5wmp-xr78/GHSA-g375-5wmp-xr78.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g375-5wmp-xr78",
-  "modified": "2026-03-18T21:41:54Z",
+  "modified": "2026-03-20T21:15:55Z",
   "published": "2026-03-16T21:18:53Z",
   "aliases": [
     "CVE-2026-32818"
@@ -43,9 +43,17 @@
       "type": "WEB",
       "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-g375-5wmp-xr78"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32818"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/Admidio/admidio"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Admidio/admidio/releases/tag/v5.0.7"
     }
   ],
   "database_specific": {
@@ -55,6 +63,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-16T21:18:53Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-19T23:16:44Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-h8gr-qwr6-m9gx/GHSA-h8gr-qwr6-m9gx.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h8gr-qwr6-m9gx",
-  "modified": "2026-03-16T21:17:35Z",
+  "modified": "2026-03-20T21:15:40Z",
   "published": "2026-03-16T21:17:34Z",
   "aliases": [
     "CVE-2026-32755"
@@ -43,9 +43,17 @@
       "type": "WEB",
       "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-h8gr-qwr6-m9gx"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32755"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/Admidio/admidio"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Admidio/admidio/releases/tag/v5.0.7"
     }
   ],
   "database_specific": {
@@ -55,6 +63,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-16T21:17:34Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-19T23:16:44Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-q6qf-4p5j-r25g/GHSA-q6qf-4p5j-r25g.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q6qf-4p5j-r25g",
-  "modified": "2026-03-19T22:16:55Z",
+  "modified": "2026-03-20T21:14:03Z",
   "published": "2026-03-04T19:13:48Z",
   "aliases": [
     "CVE-2026-32002"
@@ -12,6 +12,10 @@
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
   "affected": [
@@ -40,13 +44,21 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q6qf-4p5j-r25g"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32002"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/dd9d9c1c609dcb4579f9e57bd7b5c879d0146b53"
     },
     {
       "type": "PACKAGE",
       "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-image-tool-workspaceonly-bypass"
     }
   ],
   "database_specific": {
@@ -57,6 +69,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-04T19:13:48Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-19T22:16:32Z"
   }
 }