{"source":"github-security","name":"GitHub Security Advisories","kind":"widget","via":"native","records":[{"id":"GHSA-xrvw-c6vh-v4r5","title":"clawvet self-hosted API server (apps/api) before 0.7.5 hard-codes a fallback JWT secret ('clawvet...","subtitle":"2026-07-17T03:31:24Z","value":"critical","href":""},{"id":"GHSA-qrm9-ppgh-qwm9","title":"grav-plugin-api before 1.0.6 fails to validate super-admin status in createApiKey, generate2fa,...","subtitle":"2026-07-17T03:31:24Z","value":"high","href":""},{"id":"GHSA-rw7h-h988-gfff","title":"OpenRemote before 1.26.0 contain an authenticated SQL injection vulnerability in the datapoint...","subtitle":"2026-07-17T03:31:24Z","value":"high","href":""},{"id":"GHSA-rv94-vqvr-wjjh","title":"Grav before 2.0.4 fails to restrict cURL protocols in webhook dispatch, allowing authenticated...","subtitle":"2026-07-17T03:31:24Z","value":"high","href":""},{"id":"GHSA-cx27-6j8x-h4h6","title":"The Grav API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 accepts JWT access tokens...","subtitle":"2026-07-17T03:31:24Z","value":"high","href":""},{"id":"GHSA-h4x5-fmw9-97f9","title":"The Grav API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 shipped Access-Control-Allow...","subtitle":"2026-07-17T03:31:24Z","value":"high","href":""},{"id":"GHSA-4m9m-rmh9-2pgf","title":"Grav before 2.0.4 contains a two-factor authentication bypass vulnerability in the login plugin...","subtitle":"2026-07-17T03:31:23Z","value":"critical","href":""},{"id":"GHSA-xjjc-hxq8-fxj5","title":"OpenClaw before 2026.6.5 contain an authorization bypass vulnerability in node exec approvals...","subtitle":"2026-07-17T03:31:23Z","value":"high","href":""},{"id":"GHSA-5mv9-76r9-rprq","title":"Grav before 2.0.4 ships a default .htaccess (and reference webserver-configs/htaccess.txt) whose...","subtitle":"2026-07-17T03:31:23Z","value":"high","href":""},{"id":"GHSA-q7w3-h9x7-95x7","title":"The Grav API plugin (getgrav/grav-plugin-api) before 1.0.6 contains an authorization bypass: API...","subtitle":"2026-07-17T03:31:23Z","value":"high","href":""},{"id":"GHSA-ww99-rc68-x2pj","title":"OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in the device-pair...","subtitle":"2026-07-17T03:31:23Z","value":"high","href":""},{"id":"GHSA-74vp-c44x-892q","title":"OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob...","subtitle":"2026-07-17T03:31:23Z","value":"high","href":""},{"id":"GHSA-7m8v-vm4p-2vf4","title":"OpenClaw before 2026.5.22 contain a vulnerability in setup-mode discovery that allows loading of...","subtitle":"2026-07-17T03:31:23Z","value":"high","href":""},{"id":"GHSA-rv8f-q23g-2wjx","title":"OpenClaw 2026.5.14-beta.1 before 2026.5.27 contain an authorization flaw in the QQBot exec...","subtitle":"2026-07-17T03:31:22Z","value":"high","href":""},{"id":"GHSA-4cxx-m26f-jmx8","title":"OpenClaw 2026.1.20 before 2026.5.27 contain an authorization bypass vulnerability in the device...","subtitle":"2026-07-17T03:31:22Z","value":"high","href":""},{"id":"GHSA-8x5v-5gh2-qr2j","title":"OpenClaw versions 2026.5.10-beta.1 before 2026.6.5 contain an authorization bypass in the...","subtitle":"2026-07-17T03:31:21Z","value":"high","href":""},{"id":"GHSA-86p5-rr4v-4pj8","title":"OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability that allows...","subtitle":"2026-07-17T03:31:21Z","value":"high","href":""},{"id":"GHSA-q58p-x48c-c32c","title":"OpenClaw versions before 2026.6.6 contain an environment variable filtering vulnerability in host...","subtitle":"2026-07-17T03:31:20Z","value":"high","href":""},{"id":"GHSA-3h83-c8w5-cccx","title":"The Bricksforge plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,...","subtitle":"2026-07-17T03:31:19Z","value":"critical","href":""},{"id":"GHSA-qhfj-5gcr-fpxq","title":"OpenClaw versions 2026.6.1 before 2026.6.9 contain a privilege escalation vulnerability in...","subtitle":"2026-07-17T03:31:19Z","value":"high","href":""},{"id":"GHSA-xq34-4qgv-ggmc","title":"Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and...","subtitle":"2026-07-17T00:32:12Z","value":"critical","href":""},{"id":"GHSA-v83q-c28h-3q53","title":"Concurrent execution using shared resource with improper synchronization ('race condition') in...","subtitle":"2026-07-17T00:32:12Z","value":"high","href":""},{"id":"GHSA-58pc-566f-r6jx","title":"A time-of-check to time-of-use (TOCTOU) race condition in the installation and uninstallation...","subtitle":"2026-07-17T00:32:12Z","value":"high","href":""},{"id":"GHSA-g52r-hw2c-c98r","title":"Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute...","subtitle":"2026-07-17T00:32:12Z","value":"high","href":""},{"id":"GHSA-m894-wgpg-hwpv","title":"WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one...","subtitle":"2026-07-16T21:30:38Z","value":"critical","href":""},{"id":"GHSA-x8wr-6q4x-7843","title":"EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat Firmware up to the latest version 1.46...","subtitle":"2026-07-16T21:30:38Z","value":"high","href":""},{"id":"GHSA-vgcc-2r5p-6qvc","title":"A time-of-check to time-of-use (TOCTOU) race condition in the installation and uninstallation...","subtitle":"2026-07-16T21:30:38Z","value":"high","href":""},{"id":"GHSA-j5h4-p4x2-xq3g","title":"Directory traversal vulnerability in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3...","subtitle":"2026-07-16T21:30:38Z","value":"high","href":""},{"id":"GHSA-97jw-3fv7-jf6h","title":"Improper Privilege Management in Zoom Rooms for Windows before version 7.1.0 may allow an...","subtitle":"2026-07-16T21:30:38Z","value":"high","href":""},{"id":"GHSA-4g4j-8g2w-gqh9","title":"SALTO ProAccess Space software using the tenancy feature / logical \npartition is vulnerable to a...","subtitle":"2026-07-16T21:30:38Z","value":"high","href":""}],"count":30,"generated_at":"2026-07-17T06:11:16.422Z","cached":true}