Publish Advisories

GHSA-6c9j-x93c-rw6j
GHSA-82g8-464f-2mv7
GHSA-2cjm-2gwv-m892
GHSA-5fw2-8jcv-xh87
GHSA-qmpg-8xg6-ph5q
GHSA-wgx8-r9vw-2w4h
GHSA-xjj9-2w6f-jg55

Author: advisory-database[bot]

advisories/github-reviewed/2026/02/GHSA-6c9j-x93c-rw6j/GHSA-6c9j-x93c-rw6j.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6c9j-x93c-rw6j",
-  "modified": "2026-02-27T21:55:45Z",
+  "modified": "2026-03-12T17:30:25Z",
   "published": "2026-02-19T22:06:26Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-4040"
+  ],
   "summary": "OpenClaw safeBins file-existence oracle information disclosure",
   "details": "An information disclosure vulnerability in OpenClaw's `tools.exec.safeBins` approval flow allowed a file-existence oracle.\n\nWhen safe-bin validation examined candidate file paths, command allow/deny behavior could differ based on whether a path already existed on the host filesystem. An attacker could probe for file presence by comparing outcomes for existing vs non-existing filenames.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.17`\n- Latest published vulnerable version at triage time: `2026.2.17`\n- Planned patched version: `2026.2.18`\n\n## Impact\nAttackers with access to this execution surface could infer whether specific files exist (for example secrets/config files), enabling filesystem enumeration and improving follow-on attack planning.\n\n## Fix\nThe safe-bin policy was changed to deterministic argv-only validation without host file-existence checks. File-oriented flags are blocked for safe-bin mode (for example `sort -o`, `jq -f`, `grep -f`), and trusted-path checks remain enforced.\n\n## Fix Commit(s)\n- `bafdbb6f112409a65decd3d4e7350fbd637c7754`\n\nFound using [MCPwner](https://github.com/Pigyon/MCPwner)\n\nThanks @nedlir for reporting.",
   "severity": [
@@ -41,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6c9j-x93c-rw6j"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4040"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754"

advisories/github-reviewed/2026/02/GHSA-82g8-464f-2mv7/GHSA-82g8-464f-2mv7.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-82g8-464f-2mv7",
-  "modified": "2026-03-02T17:17:43Z",
+  "modified": "2026-03-12T17:30:21Z",
   "published": "2026-02-27T21:36:17Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-4039"
+  ],
   "summary": "OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)",
   "details": "### Summary\n`applySkillConfigEnvOverrides` previously copied `skills.entries.*.env` values into the host `process.env` without applying the host env safety policy.\n\n### Impact\nIn affected versions, dangerous process-level variables such as `NODE_OPTIONS` could be injected when unset, which can influence runtime/child-process behavior.\n\n### Required attacker capability\nAn attacker must be able to modify OpenClaw local state/config (for example `~/.openclaw/openclaw.json`) to set `skills.entries.<skill>.env` or related skill config values.\n\n### Remediation\nFixed in `2026.2.21` by sanitizing skill env overrides and blocking dangerous host env keys (including `NODE_OPTIONS`) before applying overrides, with regression tests covering blocked dangerous keys.\n\n## Fix Commit(s)\n- `8c9f35cdb51692b650ddf05b259ccdd75cc9a83c`\n\nFound using [MCPwner](https://github.com/Pigyon/MCPwner)",
   "severity": [
@@ -38,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-82g8-464f-2mv7"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4039"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/8c9f35cdb51692b650ddf05b259ccdd75cc9a83c"

advisories/github-reviewed/2026/03/GHSA-2cjm-2gwv-m892/GHSA-2cjm-2gwv-m892.json

@@ -0,0 +1,84 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2cjm-2gwv-m892",
+  "modified": "2026-03-12T17:29:49Z",
+  "published": "2026-03-12T17:29:49Z",
+  "aliases": [
+    "CVE-2026-32242"
+  ],
+  "summary": "Parse Server's OAuth2 adapter shares mutable state across providers via singleton instance",
+  "details": "### Impact\n\nParse Server's built-in OAuth2 auth adapter exports a singleton instance that is reused directly across all OAuth2 provider configurations. Under concurrent authentication requests for different OAuth2 providers, one provider's token validation may execute using another provider's configuration, potentially allowing a token that should be rejected by one provider to be accepted because it is validated against a different provider's policy.\n\nDeployments that configure multiple OAuth2 providers via the `oauth2: true` flag are affected.\n\n### Patches\n\nThe fix ensures that a new adapter instance is created for each provider instead of reusing the singleton, so each provider's configuration is isolated.\n\n### Workarounds\n\nThere is no known workaround. If only a single OAuth2 provider is configured, the race condition cannot occur.\n\n### References\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-2cjm-2gwv-m892\n- Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.11\n- Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.37",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "parse-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "9.0.0"
+            },
+            {
+              "fixed": "9.6.0-alpha.11"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "parse-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "8.6.37"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-2cjm-2gwv-m892"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/parse-community/parse-server"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/parse-community/parse-server/releases/tag/8.6.37"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.11"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-362"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-12T17:29:49Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/03/GHSA-5fw2-8jcv-xh87/GHSA-5fw2-8jcv-xh87.json

@@ -0,0 +1,84 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5fw2-8jcv-xh87",
+  "modified": "2026-03-12T17:29:55Z",
+  "published": "2026-03-12T17:29:55Z",
+  "aliases": [
+    "CVE-2026-32248"
+  ],
+  "summary": "Parse Server: Account takeover via operator injection in authentication data identifier",
+  "details": "### Impact\n\nAn unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier (e.g. anonymous authentication). By sending a crafted login request, the attacker can cause the server to perform a pattern-matching query instead of an exact-match lookup, allowing the attacker to match an existing user and obtain a valid session token for that user's account. Both MongoDB and PostgreSQL database backends are affected. Any Parse Server deployment that allows anonymous authentication (enabled by default) is vulnerable.\n\n### Patches\n\nThe fix enforces that the user identifier in authentication data is a string before using it in a database query. Non-string values are rejected with a validation error.\n\n### Workarounds\n\nThere is no known workaround.\n\n### References\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-5fw2-8jcv-xh87\n- Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.12\n- Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.38",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "parse-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "9.0.0"
+            },
+            {
+              "fixed": "9.6.0-alpha.12"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "parse-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "8.6.38"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-5fw2-8jcv-xh87"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/parse-community/parse-server"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/parse-community/parse-server/releases/tag/8.6.38"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.12"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-943"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-12T17:29:55Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/03/GHSA-qmpg-8xg6-ph5q/GHSA-qmpg-8xg6-ph5q.json

@@ -0,0 +1,86 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-qmpg-8xg6-ph5q",
+  "modified": "2026-03-12T17:29:30Z",
+  "published": "2026-03-12T17:29:30Z",
+  "aliases": [],
+  "summary": "Trix has a Stored XSS vulnerability through serialized attributes",
+  "details": "### Impact\nThe Trix editor, in versions prior to 2.1.17, is vulnerable to XSS attacks when a `data-trix-serialized-attributes` attribute bypasses the DOMPurify sanitizer.\n\nAn attacker could craft HTML containing a `data-trix-serialized-attributes` attribute with a malicious payload that, when the content is rendered, could execute arbitrary JavaScript code within the context of the user's session, potentially leading to unauthorized actions being performed or sensitive information being disclosed.\n\n### Patches\nUpdate Recommendation: Users should upgrade to Trix editor version 2.1.17 or later.\n\n### References\nThe XSS vulnerability was responsibly reported by Hackerone researcher [newbiefromcoma](https://hackerone.com/newbiefromcoma).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "RubyGems",
+        "name": "action_text-trix"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.1.17"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "trix"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.1.17"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/basecamp/trix/security/advisories/GHSA-qmpg-8xg6-ph5q"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/basecamp/trix/pull/1282"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/basecamp/trix/commit/53197ab5a142e6b0b76127cb790726b274eaf1bc"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/basecamp/trix"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/basecamp/trix/releases/tag/v2.1.17"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-12T17:29:30Z",
+    "nvd_published_at": null
+  }
+}

…-wgx8-r9vw-2w4h/GHSA-wgx8-r9vw-2w4h.json …-wgx8-r9vw-2w4h/GHSA-wgx8-r9vw-2w4h.jsonadvisories/unreviewed/2026/03/GHSA-wgx8-r9vw-2w4h/GHSA-wgx8-r9vw-2w4h.json renamed to advisories/github-reviewed/2026/03/GHSA-wgx8-r9vw-2w4h/GHSA-wgx8-r9vw-2w4h.json advisories/unreviewed/2026/03/GHSA-wgx8-r9vw-2w4h/GHSA-wgx8-r9vw-2w4h.json renamed to advisories/github-reviewed/2026/03/GHSA-wgx8-r9vw-2w4h/GHSA-wgx8-r9vw-2w4h.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wgx8-r9vw-2w4h",
-  "modified": "2026-03-12T12:30:29Z",
+  "modified": "2026-03-12T17:30:14Z",
   "published": "2026-03-12T12:30:29Z",
-  "aliases": [
-    "CVE-2026-4039"
-  ],
-  "details": "A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1 is able to resolve this issue. This patch is called 8c9f35cdb51692b650ddf05b259ccdd75cc9a83c. It is recommended to upgrade the affected component.",
+  "withdrawn": "2026-03-12T17:30:14Z",
+  "aliases": [],
+  "summary": " Duplicate Advisory: OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)",
+  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-82g8-464f-2mv7. This link is maintained to preserve external references.\n\n### Original Description\nA vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1 is able to resolve this issue. This patch is called 8c9f35cdb51692b650ddf05b259ccdd75cc9a83c. It is recommended to upgrade the affected component.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -17,7 +17,27 @@
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.2.21"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "WEB",
@@ -57,8 +77,8 @@
       "CWE-74"
     ],
     "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-12T17:30:14Z",
     "nvd_published_at": "2026-03-12T12:15:59Z"
   }
 }