Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 1eb1eb4ea252 · 2026-04-15T20:57:19.000Z
GHSA-wj55-88gf-x564 GHSA-48m6-486p-9j8p GHSA-cr67-pvmx-2pp2 GHSA-fwvm-ggf6-2p4x GHSA-jhxm-h53p-jm7w GHSA-v67w-737x-v2c9
diff --git a/advisories/github-reviewed/2026/03/GHSA-wj55-88gf-x564/GHSA-wj55-88gf-x564.json b/advisories/github-reviewed/2026/03/GHSA-wj55-88gf-x564/GHSA-wj55-88gf-x564.json
@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wj55-88gf-x564",
-  "modified": "2026-04-10T19:41:36Z",
+  "modified": "2026-04-15T20:55:23Z",
   "published": "2026-03-26T21:14:24Z",
   "aliases": [
     "CVE-2026-35648"
   ],
   "summary": "OpenClaw may have stale policy enforcement for queued node actions",
   "details": "## Summary\nQueued node actions were not revalidated against current command policy when later delivered, so stale allowlists or declarations could survive policy tightening.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `ec2c6d83b9f5f91d6d9094842e0f19b88e63e3e2`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- src/gateway/server-methods/nodes.ts now revalidates queued actions against the current allowlist and declared command set at delivery time.\n- src/gateway/server-methods/nodes.invoke-wake.test.ts includes the shipped stale-queue regression coverage.\n\nOpenClaw thanks @zpbrent for reporting.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
diff --git a/advisories/github-reviewed/2026/04/GHSA-48m6-486p-9j8p/GHSA-48m6-486p-9j8p.json b/advisories/github-reviewed/2026/04/GHSA-48m6-486p-9j8p/GHSA-48m6-486p-9j8p.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-48m6-486p-9j8p",
-  "modified": "2026-04-13T16:36:00Z",
+  "modified": "2026-04-15T20:56:41Z",
   "published": "2026-04-13T16:36:00Z",
   "aliases": [
     "CVE-2026-34069"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-48m6-486p-9j8p"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34069"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/nimiq/core-rs-albatross/pull/3660"
@@ -64,6 +68,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-04-13T16:36:00Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-14T00:16:07Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/04/GHSA-cr67-pvmx-2pp2/GHSA-cr67-pvmx-2pp2.json b/advisories/github-reviewed/2026/04/GHSA-cr67-pvmx-2pp2/GHSA-cr67-pvmx-2pp2.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cr67-pvmx-2pp2",
-  "modified": "2026-04-13T19:33:00Z",
+  "modified": "2026-04-15T20:56:24Z",
   "published": "2026-04-13T19:33:00Z",
   "aliases": [
     "CVE-2026-33899"
@@ -344,6 +344,10 @@
       "type": "WEB",
       "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33899"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d"
@@ -369,6 +373,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-04-13T19:33:00Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-13T21:16:25Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/04/GHSA-fwvm-ggf6-2p4x/GHSA-fwvm-ggf6-2p4x.json b/advisories/github-reviewed/2026/04/GHSA-fwvm-ggf6-2p4x/GHSA-fwvm-ggf6-2p4x.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fwvm-ggf6-2p4x",
-  "modified": "2026-04-14T00:06:43Z",
+  "modified": "2026-04-15T20:56:35Z",
   "published": "2026-04-14T00:06:43Z",
   "aliases": [
     "CVE-2026-33908"
@@ -344,6 +344,10 @@
       "type": "WEB",
       "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwvm-ggf6-2p4x"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33908"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/ImageMagick/ImageMagick/commit/ccdc01180276aa2cb3d4a32a611aa4f417061cd8"
@@ -368,6 +372,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-04-14T00:06:43Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-13T22:16:28Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/04/GHSA-jhxm-h53p-jm7w/GHSA-jhxm-h53p-jm7w.json b/advisories/github-reviewed/2026/04/GHSA-jhxm-h53p-jm7w/GHSA-jhxm-h53p-jm7w.json
@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jhxm-h53p-jm7w",
-  "modified": "2026-04-10T14:41:20Z",
+  "modified": "2026-04-15T20:55:38Z",
   "published": "2026-04-09T20:23:26Z",
   "aliases": [
     "CVE-2026-34971"
   ],
   "summary": "Wasmtime: Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift",
   "details": "### Impact\n\nWasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a guest WebAssembly module this can create a situation where there are two diverging computations for the same address: one for the address to bounds-check and one for the address to load. This difference in address being operated on means that a guest module can pass a bounds check but then load a different address. Combined together this enables an arbitrary read/write primitive for guest WebAssembly when accesssing host memory. This is a sandbox escape as guests are able to read/write arbitrary host memory.\n\nThis vulnerability has a few ingredients, all of which must be met, for this situation to occur and bypass the sandbox restrictions:\n\n* This miscompiled shape of load only occurs on 64-bit WebAssembly linear memories, or when `Config::wasm_memory64` is enabled. 32-bit WebAssembly is not affected.\n* Spectre mitigations or signals-based-traps must be disabled. When spectre mitigations are enabled then the offending shape of load is not generated. When signals-based-traps are disabled then spectre mitigations are also automatically disabled.\n\nThe specific bug in Cranelift is a miscompile of a load of the shape `load(iadd(base, ishl(index, amt)))` where `amt` is a constant. The `amt` value is masked incorrectly to test if it's a certain value, and this incorrect mask means that Cranelift can pattern-match this lowering rule during instruction selection erroneously, diverging from WebAssembly's and Cranelift's semantics. This incorrect lowering would, for example, load an address much further away than intended as the correct address's computation would have wrapped around to a smaller value insetad.\n\n\n\n### Patches\n\nWasmtime 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.\n\n### Workarounds\n\nThis bug only affects users of Cranelift on aarch64. Cranelift on other platforms is not affected. Additionally this only affects 64-bit WebAssembly linear memories, so if `Config::wasm_memory64` is disabled then hosts are not affected. Note that `Config::wasm_memory64` is enabled by default. If spectre mitigations are enabled, which are enabled by default, then hosts are not affected by this issue.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
diff --git a/advisories/github-reviewed/2026/04/GHSA-v67w-737x-v2c9/GHSA-v67w-737x-v2c9.json b/advisories/github-reviewed/2026/04/GHSA-v67w-737x-v2c9/GHSA-v67w-737x-v2c9.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v67w-737x-v2c9",
-  "modified": "2026-04-13T19:09:58Z",
+  "modified": "2026-04-15T20:56:28Z",
   "published": "2026-04-13T19:09:58Z",
   "aliases": [
     "CVE-2026-33900"
@@ -135,6 +135,10 @@
       "type": "WEB",
       "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v67w-737x-v2c9"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33900"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/ImageMagick/ImageMagick/commit/d27b840a61b322419a66d0d192ff56d52498148d"
@@ -159,6 +163,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-04-13T19:09:58Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-13T21:16:25Z"
   }
 }
