github
diff --git a/‎advisories/github-reviewed/2025/07/GHSA-2x45-7fc3-mxwq/GHSA-2x45-7fc3-mxwq.json‎
Lines changed: 81 additions & 0 deletions b/‎advisories/github-reviewed/2025/07/GHSA-2x45-7fc3-mxwq/GHSA-2x45-7fc3-mxwq.json‎
Lines changed: 81 additions & 0 deletions
diff --git a/‎advisories/github-reviewed/2026/02/GHSA-5xfq-5mr7-426q/GHSA-5xfq-5mr7-426q.json‎
Lines changed: 63 additions & 0 deletions b/‎advisories/github-reviewed/2026/02/GHSA-5xfq-5mr7-426q/GHSA-5xfq-5mr7-426q.json‎
Lines changed: 63 additions & 0 deletions
diff --git a/‎advisories/github-reviewed/2026/02/GHSA-83g3-92jg-28cx/GHSA-83g3-92jg-28cx.json‎
Lines changed: 65 additions & 0 deletions b/‎advisories/github-reviewed/2026/02/GHSA-83g3-92jg-28cx/GHSA-83g3-92jg-28cx.json‎
Lines changed: 65 additions & 0 deletions
diff --git a/‎advisories/github-reviewed/2026/02/GHSA-jqpq-mgvm-f9r6/GHSA-jqpq-mgvm-f9r6.json‎
Lines changed: 65 additions & 0 deletions b/‎advisories/github-reviewed/2026/02/GHSA-jqpq-mgvm-f9r6/GHSA-jqpq-mgvm-f9r6.json‎
Lines changed: 65 additions & 0 deletions
diff --git a/‎advisories/github-reviewed/2026/02/GHSA-v6c6-vqqg-w888/GHSA-v6c6-vqqg-w888.json‎
Lines changed: 67 additions & 0 deletions b/‎advisories/github-reviewed/2026/02/GHSA-v6c6-vqqg-w888/GHSA-v6c6-vqqg-w888.json‎
Lines changed: 67 additions & 0 deletions
@@ -0,0 +1,81 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2x45-7fc3-mxwq",
+  "modified": "2026-02-18T00:55:29Z",
+  "published": "2025-07-31T21:31:53Z",
+  "aliases": [
+    "CVE-2025-45769"
+  ],
+  "summary": "php-jwt contains weak encryption",
+  "details": "php-jwt v6.11.0 was discovered to contain weak encryption.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "firebase/php-jwt"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "7.0.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45769"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/firebase/php-jwt/issues/611"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/firebase/php-jwt/issues/618"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/firebase/php-jwt/pull/613"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/firebase/php-jwt/commit/6b80341bf57838ea2d011487917337901cd71576"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/ZupeiNie/83756316c4c24fe97a50176a92608db3"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/firebase/php-jwt"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/firebase/php-jwt/releases/tag/v7.0.0"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-326"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-02-18T00:55:29Z",
+    "nvd_published_at": "2025-07-31T20:15:33Z"
+  }
+}
@@ -0,0 +1,63 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5xfq-5mr7-426q",
+  "modified": "2026-02-18T00:57:30Z",
+  "published": "2026-02-18T00:57:30Z",
+  "aliases": [],
+  "summary": "OpenClaw's unsanitized session ID enables path traversal in transcript file operations",
+  "details": "## Description\n\nOpenClaw versions **<= 2026.2.9** construct transcript file paths using an unsanitized `sessionId` and also accept `sessionFile` paths without enforcing that they stay within the agent sessions directory.\n\nA crafted `sessionId` and/or `sessionFile` (example: `../../etc/passwd`) can cause path traversal when the gateway performs transcript file read/write operations.\n\n**Preconditions:** an attacker must be able to authenticate to the gateway (gateway token/password). By default the gateway binds to `loopback` (local-only); configurations that expose the gateway widen the attack surface.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `<= 2026.2.9`\n- Fixed: `>= 2026.2.12`\n\n## Fix\n\nFixed by validating session IDs (rejecting path separators / traversal sequences) and enforcing sessions-directory containment for session transcript file operations.\n\n### Fix Commit(s)\n\n- `4199f9889f0c307b77096a229b9e085b8d856c26`\n\n### Additional Hardening\n\n- `cab0abf52ac91e12ea7a0cf04fff315cf0c94d64`\n\n## Mitigation\n\nUpgrade to `openclaw >= 2026.2.12`.\n\nThanks @akhmittra for reporting.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.2.12"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5xfq-5mr7-426q"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/4199f9889f0c307b77096a229b9e085b8d856c26"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.12"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-02-18T00:57:30Z",
+    "nvd_published_at": null
+  }
+}
@@ -0,0 +1,65 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-83g3-92jg-28cx",
+  "modified": "2026-02-18T00:57:13Z",
+  "published": "2026-02-18T00:57:13Z",
+  "aliases": [
+    "CVE-2026-26960"
+  ],
+  "summary": "Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction",
+  "details": "### Summary\n`tar.extract()` in Node `tar` allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options.\n\nThis enables **arbitrary file read and write** as the extracting user (no root, no chmod, no `preservePaths`).\n\nSeverity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive.\n\n### Details\nThe bypass chain uses two symlinks plus one hardlink:\n\n1. `a/b/c/up -> ../..`\n2. `a/b/escape -> c/up/../..`\n3. `exfil` (hardlink) -> `a/b/escape/<target-relative-to-parent-of-extract>`\n\nWhy this works:\n\n- Linkpath checks are string-based and do not resolve symlinks on disk for hardlink target safety.\n  - See `STRIPABSOLUTEPATH` logic in:\n    - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:255`\n    - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:268`\n    - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:281`\n\n- Hardlink extraction resolves target as `path.resolve(cwd, entry.linkpath)` and then calls `fs.link(target, destination)`.\n  - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:566`\n  - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:567`\n  - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:703`\n\n- Parent directory safety checks (`mkdir` + symlink detection) are applied to the destination path of the extracted entry, not to the resolved hardlink target path.\n  - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:617`\n  - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:619`\n  - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/mkdir.js:27`\n  - `../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/mkdir.js:101`\n\nAs a result, `exfil` is created inside extraction root but linked to an external file. The PoC confirms shared inode and successful read+write via `exfil`.\n\n### PoC\n[hardlink.js](https://github.com/user-attachments/files/25240082/hardlink.js)\nEnvironment used for validation:\n\n- Node: `v25.4.0`\n- tar: `7.5.7`\n- OS: macOS Darwin 25.2.0\n- Extract options: defaults (`tar.extract({ file, cwd })`)\n\nSteps:\n\n1. Prepare/locate a `tar` module. If `require('tar')` is not available locally, set `TAR_MODULE` to an absolute path to a tar package directory.\n\n2. Run:\n\n```bash\nTAR_MODULE=\"$(cd '../tar-audit-setuid - CVE/node_modules/tar' && pwd)\" node hardlink.js\n```\n\n3. Expected vulnerable output (key lines):\n\n```text\nsame_inode=true\nread_ok=true\nwrite_ok=true\nresult=VULNERABLE\n```\n\nInterpretation:\n\n- `same_inode=true`: extracted `exfil` and external secret are the same file object.\n- `read_ok=true`: reading `exfil` leaks external content.\n- `write_ok=true`: writing `exfil` modifies external file.\n\n### Impact\nVulnerability type:\n\n- Arbitrary file read/write via archive extraction path confusion and link resolution.\n\nWho is impacted:\n\n- Any application/service that extracts attacker-controlled tar archives with Node `tar` defaults.\n- Impact scope is the privileges of the extracting process user.\n\nPotential outcomes:\n\n- Read sensitive files reachable by the process user.\n- Overwrite writable files outside extraction root.\n- Escalate impact depending on deployment context (keys, configs, scripts, app data).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "tar"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "7.5.8"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/isaacs/node-tar"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-02-18T00:57:13Z",
+    "nvd_published_at": null
+  }
+}
@@ -0,0 +1,65 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jqpq-mgvm-f9r6",
+  "modified": "2026-02-18T00:55:50Z",
+  "published": "2026-02-18T00:55:50Z",
+  "aliases": [],
+  "summary": "OpenClaw: Command hijacking via unsafe PATH handling (bootstrapping + node-host PATH overrides)",
+  "details": "# Command hijacking via PATH handling\n\n**Discovered:** 2026-02-04\n**Reporter:** @akhmittra\n\n## Summary\n\nOpenClaw previously accepted untrusted PATH sources in limited situations. In affected versions, this could cause OpenClaw to resolve and execute an unintended binary (\"command hijacking\") when running host commands.\n\nThis issue primarily matters when OpenClaw is relying on allowlist/safe-bin protections and expects `PATH` to be trustworthy.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `< 2026.2.14`\n- Patched: `>= 2026.2.14` (planned next release)\n\n## What Is Required To Trigger This\n\n### A) Node Host PATH override (remote command hijack)\n\nAn attacker needs all of the following:\n\n- Authenticated/authorized access to an execution surface that can invoke node-host execution (for example, a compromised gateway or a caller that can issue `system.run`).\n- A node host connected and exposing `system.run`.\n- A configuration where allowlist/safe-bins are expected to restrict execution (this is not meaningful if full arbitrary exec is already allowed).\n- The ability to pass request-scoped environment overrides (specifically `PATH`) into `system.run`.\n- A way to place an attacker-controlled executable earlier in `PATH` (for example, a writable directory on the node host), with a name that matches an allowlisted/safe-bin command that OpenClaw will run.\n\nNotes:\n\n- OpenClaw deployments commonly require a gateway token/password (or equivalent transport authentication). This should not be treated as unauthenticated Internet RCE.\n- This scenario typically depends on **non-standard / misconfigured deployments** (for example, granting untrusted parties access to invoke node-host execution or otherwise exposing a privileged execution surface beyond the intended trust boundary).\n\n### B) Project-local PATH bootstrapping (local command hijack)\n\nAn attacker needs all of the following:\n\n- The victim runs OpenClaw from within an attacker-controlled working directory (for example, cloning and running inside a malicious repository).\n- That directory contains a `node_modules/.bin/openclaw` and additional attacker-controlled executables in the same directory.\n- OpenClaw subsequently executes a command by name (resolved via `PATH`) that matches one of those attacker-controlled executables.\n\n## Fix\n\n- Project-local `node_modules/.bin` PATH bootstrapping is now **disabled by default**. If explicitly enabled, it is **append-only** (never prepended) via `OPENCLAW_ALLOW_PROJECT_LOCAL_BIN=1`.\n- Node Host now ignores request-scoped `PATH` overrides.\n\n## Fix Commit(s)\n\n- 013e8f6b3be3333a229a066eef26a45fec47ffcc\n\nThanks @akhmittra for reporting.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.2.14"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jqpq-mgvm-f9r6"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/013e8f6b3be3333a229a066eef26a45fec47ffcc"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-427",
+      "CWE-78",
+      "CWE-807"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-02-18T00:55:50Z",
+    "nvd_published_at": null
+  }
+}
@@ -0,0 +1,67 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-v6c6-vqqg-w888",
+  "modified": "2026-02-18T00:57:48Z",
+  "published": "2026-02-18T00:57:48Z",
+  "aliases": [],
+  "summary": "OpenClaw affected by potential code execution via unsafe hook module path handling in Gateway",
+  "details": "## Summary\n\nOpenClaw Gateway supports hook mappings with optional JavaScript/TypeScript transform modules. In affected versions, the gateway did not sufficiently constrain configured module paths before passing them to dynamic `import()`. Under some configurations, a user who can modify gateway configuration could cause the gateway process to load and execute an unintended local module.\n\n## Impact\n\nPotential code execution in the OpenClaw gateway Node.js process.\n\nThis requires access that can modify gateway configuration (for example via the gateway config endpoints). Treat such access as high privilege.\n\n## Affected Packages / Versions\n\n- npm package: `openclaw`\n- Affected: `>= 2026.1.5` and `<= 2026.2.13`\n\n## Patched Versions\n\n- `>= 2026.2.14`\n\n## Fix Commit(s)\n\n- `a0361b8ba959e8506dc79d638b6e6a00d12887e4` (restrict hook transform module loading)\n- `35c0e66ed057f1a9f7ad2515fdcef516bd6584ce` (harden hooks module loading)\n\n## Mitigation\n\n- Upgrade to `2026.2.14` or newer.\n- Avoid exposing gateway configuration endpoints to untrusted networks.\n- Review config for unsafe values:\n  - `hooks.mappings[].transform.module`\n  - `hooks.internal.handlers[].module`\n\nThanks @222n5 for reporting.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2026.1.5"
+            },
+            {
+              "fixed": "2026.2.14"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v6c6-vqqg-w888"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/35c0e66ed057f1a9f7ad2515fdcef516bd6584ce"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/a0361b8ba959e8506dc79d638b6e6a00d12887e4"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-02-18T00:57:48Z",
+    "nvd_published_at": null
+  }
+}