Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit fb0452a9393e · 2026-03-11T20:43:28.000Z
GHSA-33rq-m5x2-fvgf GHSA-x22m-j5qq-j49m GHSA-3cw6-2j68-868p
diff --git a/advisories/github-reviewed/2026/02/GHSA-33rq-m5x2-fvgf/GHSA-33rq-m5x2-fvgf.json b/advisories/github-reviewed/2026/02/GHSA-33rq-m5x2-fvgf/GHSA-33rq-m5x2-fvgf.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-33rq-m5x2-fvgf",
-  "modified": "2026-03-05T21:43:49Z",
+  "modified": "2026-03-11T20:41:24Z",
   "published": "2026-02-17T21:37:55Z",
   "aliases": [
     "CVE-2026-28448"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-33rq-m5x2-fvgf"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28448"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/8c7901c984866a776eb59662dc9d8b028de4f0d0"
@@ -51,6 +55,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-twitch-plugin-allowfrom-access-control"
     }
   ],
   "database_specific": {
@@ -60,6 +68,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-17T21:37:55Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-05T22:16:16Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/02/GHSA-x22m-j5qq-j49m/GHSA-x22m-j5qq-j49m.json b/advisories/github-reviewed/2026/02/GHSA-x22m-j5qq-j49m/GHSA-x22m-j5qq-j49m.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x22m-j5qq-j49m",
-  "modified": "2026-03-05T21:44:46Z",
+  "modified": "2026-03-11T20:41:53Z",
   "published": "2026-02-18T17:45:12Z",
   "aliases": [
     "CVE-2026-28451"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x22m-j5qq-j49m"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28451"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/pull/16285"
@@ -55,6 +59,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-ssrf-via-feishu-extension-media-fetching"
     }
   ],
   "database_specific": {
@@ -64,6 +72,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-18T17:45:12Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-05T22:16:17Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/03/GHSA-3cw6-2j68-868p/GHSA-3cw6-2j68-868p.json b/advisories/github-reviewed/2026/03/GHSA-3cw6-2j68-868p/GHSA-3cw6-2j68-868p.json
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3cw6-2j68-868p",
-  "modified": "2026-03-10T22:54:41Z",
+  "modified": "2026-03-11T20:42:23Z",
   "published": "2026-03-10T18:16:26Z",
   "aliases": [
     "CVE-2026-26310"
   ],
-  "summary": "Envoy vulenrable to crash for scoped ip address during DNS",
+  "summary": "Envoy vulnerable to crash for scoped ip address during DNS",
   "details": "### Summary\n\nCalling `Utility::getAddressWithPort` with a scoped IPv6 addresses causes a crash. This utility is called in the data plane from the original_src filter and the dns filter.\n\n### Details\n\nThe crashing function is `Utility::getAddressWithPort`. The crash occurs if a string containing a scoped IPv6 address is passed to this function.\n\nThis vulnerability affects:\n\n1. The **original src filter**: If the filter is configured and the original source is a scoped IPv6 address, it will cause a crash.\n2. **DNS response address resolution**: If a DNS response contains a scoped IPv6 address, this will also trigger the crash.\n\n### PoC\n\nTo reproduce the vulnerability:\n\n1. **Method A (Original Src Filter):** Configure the `original src` filter in Envoy and provide a scoped IPv6 address as the original source.\n2. **Method B (DNS Resolution):** Trigger a DNS resolution process within Envoy where the DNS response contains a scoped IPv6 address.\n\n### Impact\n\nThis is a Denial of Service (DoS) vulnerability. It impacts users who have the `original src` filter configured or whose Envoy instances resolve addresses from DNS responses that may contain scoped IPv6 addresses.",
   "severity": [
     {
