Security Advisories
A list of vulnerabilities (CVE / GHSA) publicly disclosed by Tencent Zhuque Lab. View as JSONopen_in_new
bug_report
Vulnerabilities
67
deployed_code
Products
21
leaderboard
Severity Breakdown
-
open_in_newHigh CVE-2026-28479 CWE-327/CWE-328
OpenClaw replaced a deprecated sandbox hash algorithm
deployed_code Affected: openclaw <= 2026.2.14 calendar_today Published: February 19, 2026 -
open_in_newMedium CVE-2026-27007 CWE-1254
OpenClaw's sandbox config hash sorted primitive arrays and suppressed needed container recreation
deployed_code Affected: openclaw < 2026.2.15 calendar_today Published: February 18, 2026 -
open_in_newMedium CVE-2025-68785
net: openvswitch: fix middle attribute validation in push_nsh() action
deployed_code Affected: Linux / openvswitch >= 4.15, < 5.10.248; >= 4.15, < 5.15.198; >= 4.15, < 6.1.160; >= 4.15, < 6.6.120; >= 4.15, < 6.12.64; >= 4.15, < 6.18.3; >= 4.15, < 6.19 calendar_today Published: January 13, 2026 -
open_in_newMedium CVE-2025-40254
net: openvswitch: remove never-working support for setting nsh fields
deployed_code Affected: Linux / openvswitch >= 4.15, < 5.4.302; >= 4.15, < 5.10.247; >= 4.15, < 5.15.197; >= 4.15, < 6.1.159; >= 4.15, < 6.6.118; >= 4.15, < 6.12.60; >= 4.15, < 6.17.10; >= 4.15, < 6.18 calendar_today Published: December 04, 2025 -
open_in_newMedium CVE-2025-39983
Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue
deployed_code Affected: Linux / bluetooth >= 6.15, < 6.16.10; >= 6.15, < 6.17 calendar_today Published: October 15, 2025 -
open_in_newHigh CVE-2025-39982
Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
deployed_code Affected: Linux / bluetooth >= 5.18, < 6.1.155; >= 5.18, < 6.6.109; >= 5.18, < 6.12.50; >= 5.18, < 6.16.10; >= 5.18, < 6.17 calendar_today Published: October 15, 2025 -
open_in_newHigh CVE-2025-39981
Bluetooth: MGMT: Fix possible UAFs
deployed_code Affected: Linux / bluetooth >= 5.17, < 6.6.140; >= 5.17, < 6.12.59; >= 5.17, < 6.16.10; >= 5.17, < 6.17 calendar_today Published: October 15, 2025 -
open_in_newHigh CVE-2025-23356 CWE‑306
NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing
deployed_code Affected: NVIDIA All versions prior to v2.2.1 calendar_today Published: October 13, 2025 -
open_in_newHigh CVE-2025-61784 CWE-22/CWE-918
LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities
deployed_code Affected: llamafactory <= 0.9.3 calendar_today Published: October 07, 2025 -
open_in_newHigh CVE-2025-6242 CWE-601/CWE-918
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
deployed_code Affected: vllm >= 0.5.0, < 0.11.0 calendar_today Published: October 07, 2025
Per page
