github
diff --git a/‎advisories/github-reviewed/2026/03/GHSA-56cv-c5p2-j2wg/GHSA-56cv-c5p2-j2wg.json‎
Lines changed: 64 additions & 0 deletions b/‎advisories/github-reviewed/2026/03/GHSA-56cv-c5p2-j2wg/GHSA-56cv-c5p2-j2wg.json‎
Lines changed: 64 additions & 0 deletions
diff --git a/‎advisories/github-reviewed/2026/03/GHSA-67rw-2x62-mqqm/GHSA-67rw-2x62-mqqm.json‎
Lines changed: 61 additions & 0 deletions b/‎advisories/github-reviewed/2026/03/GHSA-67rw-2x62-mqqm/GHSA-67rw-2x62-mqqm.json‎
Lines changed: 61 additions & 0 deletions
diff --git a/‎advisories/github-reviewed/2026/03/GHSA-8g75-q649-6pv6/GHSA-8g75-q649-6pv6.json‎
Lines changed: 67 additions & 0 deletions b/‎advisories/github-reviewed/2026/03/GHSA-8g75-q649-6pv6/GHSA-8g75-q649-6pv6.json‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎advisories/github-reviewed/2026/03/GHSA-8j2w-6fmm-m587/GHSA-8j2w-6fmm-m587.json‎
Lines changed: 58 additions & 0 deletions b/‎advisories/github-reviewed/2026/03/GHSA-8j2w-6fmm-m587/GHSA-8j2w-6fmm-m587.json‎
Lines changed: 58 additions & 0 deletions
diff --git a/‎advisories/github-reviewed/2026/03/GHSA-g7cr-9h7q-4qxq/GHSA-g7cr-9h7q-4qxq.json‎
Lines changed: 62 additions & 0 deletions b/‎advisories/github-reviewed/2026/03/GHSA-g7cr-9h7q-4qxq/GHSA-g7cr-9h7q-4qxq.json‎
Lines changed: 62 additions & 0 deletions
diff --git a/‎advisories/github-reviewed/2026/03/GHSA-gp3q-wpq4-5c5h/GHSA-gp3q-wpq4-5c5h.json‎
Lines changed: 66 additions & 0 deletions b/‎advisories/github-reviewed/2026/03/GHSA-gp3q-wpq4-5c5h/GHSA-gp3q-wpq4-5c5h.json‎
Lines changed: 66 additions & 0 deletions
@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-56cv-c5p2-j2wg",
+  "modified": "2026-03-12T14:23:14Z",
+  "published": "2026-03-12T14:23:14Z",
+  "aliases": [
+    "CVE-2026-32110"
+  ],
+  "summary": "SiYuan has a Full-Read SSRF via /api/network/forwardProxy",
+  "details": "### Summary\nThe `/api/network/forwardProxy` endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to internal networks, localhost, or cloud metadata services.\n\n### Affected Code\nFile: `/kernel/api/network.go` (Lines `153-317`)\n```\nfunc forwardProxy(c *gin.Context) {\n    ret := gulu.Ret.NewResult()\n    defer c.JSON(http.StatusOK, ret)\n\n    arg, ok := util.JsonArg(c, ret)\n    if !ok {\n        return\n    }\n\n    destURL := arg[\"url\"].(string)\n    // VULNERABILITY: Only validates URL format, not destination\n    if _, e := url.ParseRequestURI(destURL); nil != e {\n        ret.Code = -1\n        ret.Msg = \"invalid [url]\"\n        return\n    }\n\n    // ... HTTP request is made to user-controlled URL ...\n    resp, err := request.Send(method, destURL)\n    \n    // Full response body is returned to the user\n    bodyData, err := io.ReadAll(resp.Body)\n    // ...\n    ret.Data = data  // Contains full response body\n}\n```\n### PoC\n- First, authenticate with your access auth code and copy the authenticated cookie.\n- Now use the request below for SSRF to Access Cloud Metadata.\n```\nPOST /api/network/forwardProxy HTTP/1.1\nHost: <HOST>\nCookie: siyuan=<COOKIE>\nContent-Length: 102\n\n{\"url\":\"http://169.254.169.254/metadata/v1/\",\"method\":\"GET\",\"headers\":[],\"payload\":\"\",\"timeout\":7000}'\n```\n<img width=\"1230\" height=\"754\" alt=\"Screenshot 2026-03-11 at 1 23 36 AM\" src=\"https://github.com/user-attachments/assets/60486dba-1ccd-4287-8073-b803854756a2\" />\n\n### Impact\n- Internal Network Reconnaissance: Attackers can scan internal services\n- Cloud Credential Theft: Potential access to cloud metadata and IAM credentials\n- Data Exfiltration: Server can be used as a proxy to access internal resources\n- Firewall Bypass: Requests originate from trusted internal IP",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/siyuan-note/siyuan/kernel"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "3.6.0"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 3.5.9"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56cv-c5p2-j2wg"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32110"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/siyuan-note/siyuan"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-12T14:23:14Z",
+    "nvd_published_at": "2026-03-11T21:16:17Z"
+  }
+}
@@ -0,0 +1,61 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-67rw-2x62-mqqm",
+  "modified": "2026-03-12T14:22:46Z",
+  "published": "2026-03-12T14:22:46Z",
+  "aliases": [
+    "CVE-2026-32108"
+  ],
+  "summary": "Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access",
+  "details": "There was a missing permission-check in the shares feature (the `shr` global-option).\n\nThis vulnerability only applies in the following scenario:\n* The [shares](https://github.com/9001/copyparty/#shares) feature is used for the specific purpose of creating a share of just a single file inside a folder\n* Either the FTP or SFTP server is enabled, and also made publically accessible\n  * If a share is password-protected, then SFTP was not vulnerable unless the `sftp-pw` global-option was also enabled\n\nGiven these conditions, when a user is browsing a share through either FTP or SFTP (not http or https), they can gain read-access to the remaining files inside the shared folder by guessing/bruteforcing the filenames.\n\nIt was not possible to descend into subdirectories in this manner; only the sibling files were accessible.\n\nThis issue did not affect filekeys or dirkeys.\n\nThis vulnerability is [CVE-2025-58753](https://nvd.nist.gov/vuln/detail/CVE-2025-58753) which was previously fixed for HTTP and HTTPS, but not for FTP. The FTPS server did not yet exist at that time.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "copyparty"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.20.12"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/9001/copyparty/security/advisories/GHSA-67rw-2x62-mqqm"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32108"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/9001/copyparty"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "LOW",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-12T14:22:46Z",
+    "nvd_published_at": "2026-03-11T21:16:16Z"
+  }
+}
@@ -0,0 +1,67 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8g75-q649-6pv6",
+  "modified": "2026-03-12T14:21:28Z",
+  "published": "2026-03-12T14:21:28Z",
+  "aliases": [],
+  "summary": "OpenClaw's system.run approvals did not bind mutable script operands across approval and execution",
+  "details": "OpenClaw's `system.run` approval flow did not bind mutable interpreter-style script operands across approval and execution.\n\nA caller could obtain approval for an execution such as `sh ./script.sh`, rewrite the approved script before execution, and then execute different content under the previously approved command shape. The approved `argv` values remained the same, but the mutable script operand content could drift after approval.\n\nLatest published npm version verified vulnerable: `2026.3.7`\n\nThe initial March 7, 2026 fix in `c76d29208bf6a7f058d2cf582519d28069e42240` added approval binding for shell scripts and a narrow interpreter set, but follow-up maintainer review on March 8, 2026 found that `bun` and `deno` script operands still did not produce `mutableFileOperand` snapshots.\n\nA complete fix shipped on March 9, 2026 in `cf3a479bd1204f62eef7dd82b4aa328749ae6c91`, which binds approved `bun` and `deno run` script operands to on-disk file snapshots and denies post-approval script drift before execution.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.3.7`\n- Patched version: `2026.3.8`\n\n## Fix Commit(s)\n\n- `c76d29208bf6a7f058d2cf582519d28069e42240`\n- `cf3a479bd1204f62eef7dd82b4aa328749ae6c91`\n\n## Release Verification\n\n- npm `2026.3.7` remains vulnerable.\n- npm `2026.3.8` contains the completed fix.\n\nThanks @tdjackey for reporting.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.3.8"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2026.3.7"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8g75-q649-6pv6"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/c76d29208bf6a7f058d2cf582519d28069e42240"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/cf3a479bd1204f62eef7dd82b4aa328749ae6c91"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-285",
+      "CWE-367"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-12T14:21:28Z",
+    "nvd_published_at": null
+  }
+}
@@ -0,0 +1,58 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8j2w-6fmm-m587",
+  "modified": "2026-03-12T14:22:04Z",
+  "published": "2026-03-12T14:22:04Z",
+  "aliases": [],
+  "summary": "OpenClaw: /api/channels gateway-auth boundary bypass via path canonicalization mismatch",
+  "details": "### Summary\nGateway auth for plugin channel endpoints can be bypassed when path canonicalization differs between the gateway guard and plugin handler routing.\n\n### Details\nOn affected versions, `server-http` only applies gateway auth when raw `requestPath` matches exactly:\n- `/api/channels`\n- `/api/channels/*`\n\nIf a plugin handler canonicalizes path input (for example `decodeURIComponent(pathname).toLowerCase()`), requests like:\n- `/API/channels/nostr/default/profile`\n- `/api/channels%2Fnostr%2Fdefault%2Fprofile`\ncan be interpreted as `/api/channels/*` by the plugin, while the gateway auth guard is skipped.\n\n### Impact\nAuthentication boundary bypass for plugin channel HTTP routes under canonicalization mismatch conditions. Unauthorized callers may access plugin channel APIs that are expected to require gateway auth.\n\nCWE: CWE-288 (Authentication Bypass Using an Alternate Path or Channel)\nCVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N` (Base 5.3, Moderate)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.2.26"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2026.2.25"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8j2w-6fmm-m587"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-288"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-12T14:22:04Z",
+    "nvd_published_at": null
+  }
+}
@@ -0,0 +1,62 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g7cr-9h7q-4qxq",
+  "modified": "2026-03-12T14:21:35Z",
+  "published": "2026-03-12T14:21:35Z",
+  "aliases": [],
+  "summary": "OpenClaw's MS Teams sender allowlist bypass when route allowlist is configured and sender allowlist is empty",
+  "details": "OpenClaw's Microsoft Teams plugin widened group sender authorization when a team/channel route allowlist was configured but `groupAllowFrom` was empty. Before the fix, a matching route allowlist entry could cause the message handler to synthesize wildcard sender authorization for that route, allowing any sender in the matched team/channel to bypass the intended `groupPolicy: \"allowlist\"` sender check.\n\nThis does not affect default unauthenticated access, but it does weaken a documented Teams group authorization boundary and can allow unauthorized group senders to trigger replies in allowlisted Teams routes.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Latest published vulnerable version: `2026.3.7`\n- Affected range: `<= 2026.3.7`\n- Fixed in released version: `2026.3.8`\n\n## Fix Commit(s)\n\n- `88aee9161e0e6d32e810a25711e32a808a1777b2`\n\n## Release Verification\n\n- Verified fixed in GitHub release `v2026.3.8` published on March 9, 2026.\n- Verified `npm view openclaw version` resolves to `2026.3.8`.\n- Verified the release contains the regression test covering the Teams route-allowlist sender-bypass case and that the test passes against the `v2026.3.8` tree.\n\nThanks @zpbrent for reporting.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.3.8"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2026.3.7"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g7cr-9h7q-4qxq"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/88aee9161e0e6d32e810a25711e32a808a1777b2"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-289"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-12T14:21:35Z",
+    "nvd_published_at": null
+  }
+}
@@ -0,0 +1,66 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gp3q-wpq4-5c5h",
+  "modified": "2026-03-12T14:21:45Z",
+  "published": "2026-03-12T14:21:45Z",
+  "aliases": [],
+  "summary": "OpenClaw: LINE group allowlist scope mismatch with DM pairing-store entries",
+  "details": "### Summary\nIn specific LINE configurations, sender IDs approved through DM pairing could also satisfy group allowlist checks when operators expected group sender access to be scoped only to explicit group allowlists.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published version at triage/update time: `2026.2.25`\n- Affected: `<= 2026.2.25`\n- Patched: `>= 2026.2.26` (planned next release)\n\n### Impact\nThis is a group-authorization scope mismatch. DM pairing-store entries could influence group sender authorization in allowlist mode.\n\n### Technical Details\nRoot cause: group allowlist composition inherited pairing-store entries intended for DM approvals. Under default DM pairing policy, a DM-paired sender could match group allowlist checks.\n\nFixes on `main`:\n- isolate group allowlist composition from pairing-store entries\n- centralize shared DM/group allowlist composition to preserve DM-only pairing behavior\n- add regression coverage for LINE and Mattermost policy paths\n\n### Fix Commit(s)\n- `8bdda7a651c21e98faccdbbd73081e79cffe8be0`\n- `892a9c24b0f6118729ab5b5f5499b1a7e792dd15` (follow-up refactor hardening)\n\n### Release Process Note\n`patched_versions` is pre-set to `>= 2026.2.26` so once npm `2026.2.26` is published, this advisory can be published directly without additional version-field edits.\n\nThanks @tdjackey for reporting.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.2.26"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2026.2.25"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gp3q-wpq4-5c5h"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/892a9c24b0f6118729ab5b5f5499b1a7e792dd15"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/8bdda7a651c21e98faccdbbd73081e79cffe8be0"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-12T14:21:45Z",
+    "nvd_published_at": null
+  }
+}