Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 2d2992c1486b · 2026-04-06T23:07:19.000Z
GHSA-xfjj-f699-rc79 GHSA-8689-gm9g-jgr6 GHSA-6336-qqw9-v6x6 GHSA-7429-hxcv-268m GHSA-89r3-6x4j-v7wf GHSA-jjw7-3vjf-fg5j
diff --git a/advisories/github-reviewed/2024/05/GHSA-xfjj-f699-rc79/GHSA-xfjj-f699-rc79.json b/advisories/github-reviewed/2024/05/GHSA-xfjj-f699-rc79/GHSA-xfjj-f699-rc79.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xfjj-f699-rc79",
-  "modified": "2024-07-05T21:26:52Z",
+  "modified": "2026-04-06T23:06:56Z",
   "published": "2024-05-07T15:30:37Z",
   "aliases": [
     "CVE-2024-33434"
@@ -63,6 +63,10 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/tiagorlampert/CHAOS"
+    },
+    {
+      "type": "WEB",
+      "url": "https://web.archive.org/web/20240406061035/https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents"
     }
   ],
   "database_specific": {
diff --git a/advisories/github-reviewed/2026/03/GHSA-8689-gm9g-jgr6/GHSA-8689-gm9g-jgr6.json b/advisories/github-reviewed/2026/03/GHSA-8689-gm9g-jgr6/GHSA-8689-gm9g-jgr6.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8689-gm9g-jgr6",
-  "modified": "2026-03-31T23:50:02Z",
+  "modified": "2026-04-06T23:05:29Z",
   "published": "2026-03-31T23:50:02Z",
   "aliases": [],
   "summary": "OpenClaw: Voice-call Plivo V3 webhook replay key uses unsorted URL, allowing replay via query-parameter reordering",
diff --git a/advisories/github-reviewed/2026/04/GHSA-6336-qqw9-v6x6/GHSA-6336-qqw9-v6x6.json b/advisories/github-reviewed/2026/04/GHSA-6336-qqw9-v6x6/GHSA-6336-qqw9-v6x6.json
@@ -1,11 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6336-qqw9-v6x6",
-  "modified": "2026-04-03T03:26:51Z",
+  "modified": "2026-04-06T23:06:22Z",
   "published": "2026-04-03T03:26:51Z",
   "aliases": [],
   "summary": "OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message",
-  "details": "## Summary\nDiscord Component Interaction Misclassifies Group DM as Direct Message\n\n## Current Maintainer Triage\n- Status: narrow\n- Assessment: Real on shipped v2026.3.24 component-interaction routing/auth in extensions/discord/src/monitor/agent-components-helpers.ts, but impact is limited to Group DM policy or session misclassification.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `8c83128fc38d5a3642b8ccbea58550755fdbbbaf` — 2026-03-30T11:17:53-06:00\n\nOpenClaw thanks @nexrin for reporting.",
+  "details": "## Summary\nDiscord Component Interaction Misclassifies Group DM as Direct Message\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: low\n- Assessment: Real on shipped v2026.3.24 component-interaction routing/auth in extensions/discord/src/monitor/agent-components-helpers.ts, but impact is limited to Group DM policy or session misclassification.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `8c83128fc38d5a3642b8ccbea58550755fdbbbaf` — 2026-03-30T11:17:53-06:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @nexrin for reporting.",
   "severity": [
     {
       "type": "CVSS_V4",
diff --git a/advisories/github-reviewed/2026/04/GHSA-7429-hxcv-268m/GHSA-7429-hxcv-268m.json b/advisories/github-reviewed/2026/04/GHSA-7429-hxcv-268m/GHSA-7429-hxcv-268m.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7429-hxcv-268m",
-  "modified": "2026-04-01T20:25:49Z",
+  "modified": "2026-04-06T23:06:38Z",
   "published": "2026-04-01T20:25:49Z",
   "aliases": [
     "CVE-2026-34222"
@@ -51,6 +51,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/open-webui/open-webui/releases/tag/v0.8.11"
+    },
+    {
+      "type": "WEB",
+      "url": "http://seclists.org/fulldisclosure/2026/Apr/4"
     }
   ],
   "database_specific": {
diff --git a/advisories/github-reviewed/2026/04/GHSA-89r3-6x4j-v7wf/GHSA-89r3-6x4j-v7wf.json b/advisories/github-reviewed/2026/04/GHSA-89r3-6x4j-v7wf/GHSA-89r3-6x4j-v7wf.json
@@ -1,11 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-89r3-6x4j-v7wf",
-  "modified": "2026-04-02T20:57:02Z",
+  "modified": "2026-04-06T23:05:38Z",
   "published": "2026-04-02T20:57:02Z",
   "aliases": [],
   "summary": "OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection",
-  "details": "## Summary\nVoice-call Plivo replay mutates in-process callback origin before replay rejection\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: low\n- Assessment: v2026.3.28 can still mutate Plivo callback origin before replay rejection, but this needs a captured valid callback for a live call so medium is overstated.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `efe9183f9d2fd5e01c8068fa01f4a07a58a63c0b` — 2026-03-31T19:50:35+09:00\n\nOpenClaw thanks @zsxsoft for reporting.",
+  "details": "## Summary\nVoice-call Plivo replay mutates in-process callback origin before replay rejection\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: low\n- Assessment: v2026.3.28 can still mutate Plivo callback origin before replay rejection, but this needs a captured valid callback for a live call so medium is overstated.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `efe9183f9d2fd5e01c8068fa01f4a07a58a63c0b` — 2026-03-31T19:50:35+09:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @zsxsoft for reporting.",
   "severity": [
     {
       "type": "CVSS_V4",
diff --git a/advisories/github-reviewed/2026/04/GHSA-jjw7-3vjf-fg5j/GHSA-jjw7-3vjf-fg5j.json b/advisories/github-reviewed/2026/04/GHSA-jjw7-3vjf-fg5j/GHSA-jjw7-3vjf-fg5j.json
@@ -1,11 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jjw7-3vjf-fg5j",
-  "modified": "2026-04-02T20:58:08Z",
+  "modified": "2026-04-06T23:06:49Z",
   "published": "2026-04-02T20:58:08Z",
   "aliases": [],
   "summary": "OpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get",
-  "details": "## Summary\nOpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: v2026.3.28 still models Nostr privateKey as plain string so config views can expose it, and the secret-schema fix is unreleased.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `57700d716f660591fb6e09727f3ca8041fa48b9d` — 2026-03-31T19:55:03+09:00\n\nOpenClaw thanks @ccreater222 for reporting.",
+  "details": "## Summary\nOpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: v2026.3.28 still models Nostr privateKey as plain string so config views can expose it, and the secret-schema fix is unreleased.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `57700d716f660591fb6e09727f3ca8041fa48b9d` — 2026-03-31T19:55:03+09:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @ccreater222 for reporting.",
   "severity": [
     {
       "type": "CVSS_V4",

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-xfjj-f699-rc79",`
`4`		`- "modified": "2024-07-05T21:26:52Z",`
	`4`	`+ "modified": "2026-04-06T23:06:56Z",`
`5`	`5`	`"published": "2024-05-07T15:30:37Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2024-33434"`
`@@ -63,6 +63,10 @@`
`63`	`63`	`{`
`64`	`64`	`"type": "PACKAGE",`
`65`	`65`	`"url": "https://github.com/tiagorlampert/CHAOS"`
	`66`	`+ },`
	`67`	`+ {`
	`68`	`+ "type": "WEB",`
	`69`	`+ "url": "https://web.archive.org/web/20240406061035/https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents"`
`66`	`70`	`}`
`67`	`71`	`],`
`68`	`72`	`"database_specific": {`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-8689-gm9g-jgr6",`
`4`		`- "modified": "2026-03-31T23:50:02Z",`
	`4`	`+ "modified": "2026-04-06T23:05:29Z",`
`5`	`5`	`"published": "2026-03-31T23:50:02Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "OpenClaw: Voice-call Plivo V3 webhook replay key uses unsorted URL, allowing replay via query-parameter reordering",`
Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,11 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-6336-qqw9-v6x6",`
`4`		`- "modified": "2026-04-03T03:26:51Z",`
	`4`	`+ "modified": "2026-04-06T23:06:22Z",`
`5`	`5`	`"published": "2026-04-03T03:26:51Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message",`
`8`		- "details": "## Summary\nDiscord Component Interaction Misclassifies Group DM as Direct Message\n\n## Current Maintainer Triage\n- Status: narrow\n- Assessment: Real on shipped v2026.3.24 component-interaction routing/auth in extensions/discord/src/monitor/agent-components-helpers.ts, but impact is limited to Group DM policy or session misclassification.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `8c83128fc38d5a3642b8ccbea58550755fdbbbaf` — 2026-03-30T11:17:53-06:00\n\nOpenClaw thanks @nexrin for reporting.",
	`8`	+ "details": "## Summary\nDiscord Component Interaction Misclassifies Group DM as Direct Message\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: low\n- Assessment: Real on shipped v2026.3.24 component-interaction routing/auth in extensions/discord/src/monitor/agent-components-helpers.ts, but impact is limited to Group DM policy or session misclassification.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `8c83128fc38d5a3642b8ccbea58550755fdbbbaf` — 2026-03-30T11:17:53-06:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @nexrin for reporting.",
`9`	`9`	`"severity": [`
`10`	`10`	`{`
`11`	`11`	`"type": "CVSS_V4",`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-7429-hxcv-268m",`
`4`		`- "modified": "2026-04-01T20:25:49Z",`
	`4`	`+ "modified": "2026-04-06T23:06:38Z",`
`5`	`5`	`"published": "2026-04-01T20:25:49Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2026-34222"`
`@@ -51,6 +51,10 @@`
`51`	`51`	`{`
`52`	`52`	`"type": "WEB",`
`53`	`53`	`"url": "https://github.com/open-webui/open-webui/releases/tag/v0.8.11"`
	`54`	`+ },`
	`55`	`+ {`
	`56`	`+ "type": "WEB",`
	`57`	`+ "url": "http://seclists.org/fulldisclosure/2026/Apr/4"`
`54`	`58`	`}`
`55`	`59`	`],`
`56`	`60`	`"database_specific": {`
Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,11 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-89r3-6x4j-v7wf",`
`4`		`- "modified": "2026-04-02T20:57:02Z",`
	`4`	`+ "modified": "2026-04-06T23:05:38Z",`
`5`	`5`	`"published": "2026-04-02T20:57:02Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection",`
`8`		- "details": "## Summary\nVoice-call Plivo replay mutates in-process callback origin before replay rejection\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: low\n- Assessment: v2026.3.28 can still mutate Plivo callback origin before replay rejection, but this needs a captured valid callback for a live call so medium is overstated.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `efe9183f9d2fd5e01c8068fa01f4a07a58a63c0b` — 2026-03-31T19:50:35+09:00\n\nOpenClaw thanks @zsxsoft for reporting.",
	`8`	+ "details": "## Summary\nVoice-call Plivo replay mutates in-process callback origin before replay rejection\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: low\n- Assessment: v2026.3.28 can still mutate Plivo callback origin before replay rejection, but this needs a captured valid callback for a live call so medium is overstated.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `efe9183f9d2fd5e01c8068fa01f4a07a58a63c0b` — 2026-03-31T19:50:35+09:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @zsxsoft for reporting.",
`9`	`9`	`"severity": [`
`10`	`10`	`{`
`11`	`11`	`"type": "CVSS_V4",`
Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,11 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-jjw7-3vjf-fg5j",`
`4`		`- "modified": "2026-04-02T20:58:08Z",`
	`4`	`+ "modified": "2026-04-06T23:06:49Z",`
`5`	`5`	`"published": "2026-04-02T20:58:08Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "OpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get",`
`8`		- "details": "## Summary\nOpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: v2026.3.28 still models Nostr privateKey as plain string so config views can expose it, and the secret-schema fix is unreleased.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `57700d716f660591fb6e09727f3ca8041fa48b9d` — 2026-03-31T19:55:03+09:00\n\nOpenClaw thanks @ccreater222 for reporting.",
	`8`	+ "details": "## Summary\nOpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: v2026.3.28 still models Nostr privateKey as plain string so config views can expose it, and the secret-schema fix is unreleased.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `57700d716f660591fb6e09727f3ca8041fa48b9d` — 2026-03-31T19:55:03+09:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @ccreater222 for reporting.",
`9`	`9`	`"severity": [`
`10`	`10`	`{`
`11`	`11`	`"type": "CVSS_V4",`