AI Threat Alert
AI Component
Agent
AI agent frameworks (AutoGPT, CrewAI, LangGraph, etc.) orchestrate LLM-powered autonomous actions. Their tool-use capabilities create unique attack surfaces not present in simple chat interfaces.
300
Total CVEs
15
Pages
Page 13 of 15
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | GHSA-fh32-73r9-rgh5 | OpenClaw: CDP host bypass exposes localhost browser state | openclaw | - |
| MEDIUM | GHSA-w6wx-jq6j-6mcj | openclaw: script swap bypasses pnpm dlx approval | openclaw | - |
| MEDIUM | GHSA-98ch-45wp-ch47 | OpenClaw: approval bypass via env key normalization gap | openclaw | - |
| MEDIUM | GHSA-2f7j-rp58-mr42 | OpenClaw: info disclosure exposes host filesystem paths | openclaw | - |
| MEDIUM | GHSA-2qrv-rc5x-2g2h | OpenClaw: untrusted plugin RCE via workspace channel setup | openclaw | - |
| MEDIUM | GHSA-5hff-46vh-rxmw | OpenClaw: read-only scope bypass kills agent sessions | openclaw | - |
| MEDIUM | GHSA-4p4f-fc8q-84m3 | openclaw: iOS bridge bypass enables unauthorized agent runs | openclaw | - |
| MEDIUM | GHSA-846p-hgpv-vphc | OpenClaw: path traversal → host file exfiltration via QQ Bot | openclaw | - |
| MEDIUM | GHSA-m34q-h93w-vg5x | openclaw: path traversal enables remote dir overwrite | openclaw | - |
| LOW | GHSA-fqrj-m88p-qf3v | OpenClaw: cross-account webhook event suppression | openclaw | - |
| MEDIUM | GHSA-wwfp-w96m-c6x8 | OpenClaw: pairing DoS blocks account onboarding | openclaw | - |
| MEDIUM | GHSA-h43v-27wg-5mf9 | OpenClaw: pre-auth signature bypass enables pairing DoS | openclaw | - |
| MEDIUM | GHSA-wpc6-37g7-8q4w | OpenClaw: exec allowlist bypass via shell init-file options | openclaw | - |
| MEDIUM | GHSA-42mx-vp8m-j7qh | openclaw: sandbox escape via mirror mode hook execution | openclaw | - |
| LOW | GHSA-767m-xrhc-fxm7 | openclaw: operator.write escalates to admin Telegram config + cron | openclaw | - |
| MEDIUM | GHSA-fwjq-xwfj-gv75 | openclaw: auth bypass exposes agent session visibility | openclaw | - |
| MEDIUM | GHSA-3q42-xmxv-9vfr | openclaw: privilege escalation to admin voice config persistence | openclaw | - |
| HIGH | GHSA-vfw7-6rhc-6xxg | openclaw: env var injection via workspace config | openclaw | - |
| MEDIUM | GHSA-vjx8-8p7h-82gr | openclaw: SSRF in marketplace plugin download | openclaw | - |
| MEDIUM | GHSA-4g5x-2jfc-xm98 | openclaw: media download bypass exhausts disk storage | openclaw | - |