chore: CVE advisories - 0 new, 1 updated

github-actions[bot] · github-actions[bot] · commit fdeb3dc27f09 · 2026-04-23T06:36:31.000Z
Automated update from NVD CVE feed.
Keywords:
Poll window: 2026-04-22T11:03:28Z to 2026-04-23T06:35:38.000Z
diff --git a/advisories/feed.json b/advisories/feed.json
@@ -1,6 +1,6 @@
 {
   "version": "0.0.3",
-  "updated": "2026-04-22T11:03:28Z",
+  "updated": "2026-04-23T06:36:30Z",
   "description": "Community-driven security advisory feed for ClawSec. Automatically updated with OpenClaw-related CVEs from NVD and community-reported security incidents.",
   "advisories": [
     {
@@ -2643,6 +2643,7 @@
       "title": "OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth f...",
       "description": "OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption.",
       "affected": [
+        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
         "openclaw@*"
       ],
       "platforms": [
diff --git a/advisories/feed.json.sig b/advisories/feed.json.sig
@@ -1 +1 @@
-nfnw5kWhjTrEToNwCZNzXNq+umfKj2L9XLUXqVDzzU0ZLMZwvMLgHggT8nUny1UDIjkGlYrlrCXaf4aylM+ZAQ==
+oRsvP3icVWKR4TAM5YQVYgdrGn4Qd63rWrM1DEuc8w7UwVRpC7wO9nOv/jcFf2kMZzr9ylZrmkD51cOl3IfHAQ==
diff --git a/skills/clawsec-feed/advisories/feed.json b/skills/clawsec-feed/advisories/feed.json
@@ -1,6 +1,6 @@
 {
   "version": "0.0.3",
-  "updated": "2026-04-22T11:03:28Z",
+  "updated": "2026-04-23T06:36:30Z",
   "description": "Community-driven security advisory feed for ClawSec. Automatically updated with OpenClaw-related CVEs from NVD and community-reported security incidents.",
   "advisories": [
     {
@@ -2643,6 +2643,7 @@
       "title": "OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth f...",
       "description": "OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption.",
       "affected": [
+        "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
         "openclaw@*"
       ],
       "platforms": [
diff --git a/skills/clawsec-feed/advisories/feed.json.sig b/skills/clawsec-feed/advisories/feed.json.sig
@@ -1 +1 @@
-nfnw5kWhjTrEToNwCZNzXNq+umfKj2L9XLUXqVDzzU0ZLMZwvMLgHggT8nUny1UDIjkGlYrlrCXaf4aylM+ZAQ==
+oRsvP3icVWKR4TAM5YQVYgdrGn4Qd63rWrM1DEuc8w7UwVRpC7wO9nOv/jcFf2kMZzr9ylZrmkD51cOl3IfHAQ==

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-nfnw5kWhjTrEToNwCZNzXNq+umfKj2L9XLUXqVDzzU0ZLMZwvMLgHggT8nUny1UDIjkGlYrlrCXaf4aylM+ZAQ==`
	`1`	`+oRsvP3icVWKR4TAM5YQVYgdrGn4Qd63rWrM1DEuc8w7UwVRpC7wO9nOv/jcFf2kMZzr9ylZrmkD51cOl3IfHAQ==`