github
diff --git a/‎advisories/github-reviewed/2026/03/GHSA-7fqq-q52p-2jjg/GHSA-7fqq-q52p-2jjg.json‎
Lines changed: 86 additions & 0 deletions b/‎advisories/github-reviewed/2026/03/GHSA-7fqq-q52p-2jjg/GHSA-7fqq-q52p-2jjg.json‎
Lines changed: 86 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/03/GHSA-2wr7-vxm4-hx3g/GHSA-2wr7-vxm4-hx3g.json‎
Lines changed: 44 additions & 0 deletions b/‎advisories/unreviewed/2026/03/GHSA-2wr7-vxm4-hx3g/GHSA-2wr7-vxm4-hx3g.json‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/03/GHSA-3pvp-95ff-24g4/GHSA-3pvp-95ff-24g4.json‎
Lines changed: 44 additions & 0 deletions b/‎advisories/unreviewed/2026/03/GHSA-3pvp-95ff-24g4/GHSA-3pvp-95ff-24g4.json‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/03/GHSA-5w3r-prr4-7j25/GHSA-5w3r-prr4-7j25.json‎
Lines changed: 44 additions & 0 deletions b/‎advisories/unreviewed/2026/03/GHSA-5w3r-prr4-7j25/GHSA-5w3r-prr4-7j25.json‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/03/GHSA-6q2v-vfwp-pvwh/GHSA-6q2v-vfwp-pvwh.json‎
Lines changed: 48 additions & 0 deletions b/‎advisories/unreviewed/2026/03/GHSA-6q2v-vfwp-pvwh/GHSA-6q2v-vfwp-pvwh.json‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/03/GHSA-6rxp-6g9v-64v8/GHSA-6rxp-6g9v-64v8.json‎
Lines changed: 44 additions & 0 deletions b/‎advisories/unreviewed/2026/03/GHSA-6rxp-6g9v-64v8/GHSA-6rxp-6g9v-64v8.json‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/03/GHSA-8jfx-rqjm-9jhf/GHSA-8jfx-rqjm-9jhf.json‎
Lines changed: 44 additions & 0 deletions b/‎advisories/unreviewed/2026/03/GHSA-8jfx-rqjm-9jhf/GHSA-8jfx-rqjm-9jhf.json‎
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,86 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7fqq-q52p-2jjg",
+  "modified": "2026-03-29T15:27:41Z",
+  "published": "2026-03-29T15:27:41Z",
+  "aliases": [],
+  "summary": "OpenCC  has an Out-of-bounds read when processing truncated UTF-8 input",
+  "details": "### Summary\n\nOpenCC versions before 1.2.0 contain two `CWE-125: Out-of-bounds Read` issues caused by length validation failures in UTF-8 processing. When handling malformed or truncated UTF-8 input, OpenCC trusted derived length values without enforcing the invariant that processed length must not exceed the remaining input buffer. This could result in out-of-bounds reads during segmentation or conversion.\n\n### Details\n\nTwo independent code paths in OpenCC failed to enforce the invariant:\n\n`matchedLength <= remainingLength`\n\nBoth paths assumed derived length values were valid and within input bounds, but did not validate that assumption against the remaining buffer. This created the following failure chain:\n\n`invalid UTF-8 -> incorrect derived length -> incorrect pointer advance -> remaining-length desynchronization -> out-of-bounds read`\n\nIn `MaxMatchSegmentation::Segment`, this could desynchronize remaining-length tracking and cause out-of-bounds reads during prefix matching.\n\nIn `Conversion::Convert(const char*)`, similar logic could advance processing past the end of the input string and read beyond the null terminator into adjacent memory. In some cases, unintended heap bytes could be propagated into the conversion result.\n\nPR #1005 fixes both issues by explicitly tracking input boundaries, recomputing remaining length on each iteration, and clamping processed lengths so the buffer-bound invariant is preserved.\n\nAffected versions:\n\n* All versions before 1.2.0\n\nPatched version:\n\n* 1.2.0\n\n### PoC\n\nBuild a vulnerable version with AddressSanitizer enabled and process input ending with a truncated UTF-8 sequence, such as a missing final byte of a 3-byte character. The original report and ASan reproduction are available in [Issue #997](https://github.com/BYVoid/OpenCC/issues/997).\n\n### Impact\n\nThis vulnerability may cause process crashes and limited, non-deterministic information disclosure when OpenCC processes malformed or attacker-controlled UTF-8 input. The issue does not indicate arbitrary write or code execution.\n\nOpenCC is distributed through system and language-specific package managers, prebuilt binaries, container images, and downstream software, so affected versions may be present even when it is not listed as a direct dependency. Users should upgrade all installed or bundled copies of OpenCC to 1.2.0 or later.\n\n### Credit\n\nOpenCC thanks @oneafter for reporting the issue.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "opencc"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.2.0"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "OpenCC"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.2.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/BYVoid/OpenCC/security/advisories/GHSA-7fqq-q52p-2jjg"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/BYVoid/OpenCC/issues/997"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/BYVoid/OpenCC/pull/1005"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/BYVoid/OpenCC"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/BYVoid/OpenCC/releases/tag/ver.1.2.0"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-29T15:27:41Z",
+    "nvd_published_at": null
+  }
+}
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2wr7-vxm4-hx3g",
+  "modified": "2026-03-29T15:30:19Z",
+  "published": "2026-03-29T15:30:19Z",
+  "aliases": [
+    "CVE-2026-32923"
+  ],
+  "details": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails to enforce member users and roles allowlist checks. Non-allowlisted guild members can trigger reaction events accepted as trusted system events, injecting reaction text into downstream session context.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9vvh-2768-c8vp"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32923"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-discord-guild-reaction-allowlist-enforcement"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-29T13:17:00Z"
+  }
+}
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3pvp-95ff-24g4",
+  "modified": "2026-03-29T15:30:19Z",
+  "published": "2026-03-29T15:30:19Z",
+  "aliases": [
+    "CVE-2026-32973"
+  ],
+  "details": "OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or paths not intended by operators.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f8r2-vg7x-gh8m"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32973"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-exec-allowlist-pattern-overmatch-via-posix-path-normalization"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-625"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-29T13:17:01Z"
+  }
+}
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5w3r-prr4-7j25",
+  "modified": "2026-03-29T15:30:20Z",
+  "published": "2026-03-29T15:30:20Z",
+  "aliases": [
+    "CVE-2026-33573"
+  ],
+  "details": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. Remote operators can escape the configured workspace boundary and execute arbitrary file and exec operations from any process-accessible directory.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2rqg-gjgv-84jm"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33573"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-workspace-boundary-bypass-via-agent-rpc-parameters"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-668"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-29T13:17:02Z"
+  }
+}
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6q2v-vfwp-pvwh",
+  "modified": "2026-03-29T15:30:20Z",
+  "published": "2026-03-29T15:30:20Z",
+  "aliases": [
+    "CVE-2026-33574"
+  ],
+  "details": "OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to redirect the installer outside the intended tools directory.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vhwf-4x96-vqx2"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33574"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/9abf014f3502009faf9c73df5ca2cff719e54639"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-path-traversal-via-tools-root-rebinding-in-skills-download"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-367"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-29T13:17:03Z"
+  }
+}
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6rxp-6g9v-64v8",
+  "modified": "2026-03-29T15:30:20Z",
+  "published": "2026-03-29T15:30:20Z",
+  "aliases": [
+    "CVE-2026-33575"
+  ],
+  "details": "OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots can recover and reuse the shared gateway credential outside the intended one-time pairing flow.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7h7g-x2px-94hj"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33575"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-long-lived-credential-exposure-in-pairing-setup-codes"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-522"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-29T13:17:03Z"
+  }
+}
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8jfx-rqjm-9jhf",
+  "modified": "2026-03-29T15:30:19Z",
+  "published": "2026-03-29T15:30:19Z",
+  "aliases": [
+    "CVE-2026-32915"
+  ],
+  "details": "OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause execution with broader tool policies by exploiting insufficient authorization checks on subagent control requests.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32915"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-subagent-control-surface"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-29T13:16:59Z"
+  }
+}