mem0

vopenclaw-v1.0.12 scope: openclaw Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 2d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 3 known CVEs

Topics

agents ai ai-agents application chatbots chatgpt

+7 more

genai llm long-term-memory memory memory-management python state-management

Affected surfaces

deps

ReleasePort's take

Moderate signal

editorial:auto 2d

The release pins transitive dependencies to address high-severity CVEs.

Why it matters: High-severity (severity 90) CVEs are mitigated by pinning affected dependencies; operators should verify pinned versions post‑upgrade.

Summary

AI summary

Pinned transitive dependencies to remediate high-severity CVEs

Changes in this release

Type	Severity	Summary	CVE
Security
Security	Critical	Pinned transitive dependencies to remediate high-severity CVEs. Pinned transitive dependencies to remediate high-severity CVEs. Source: llm_adapter@2026-06-01 Confidence: high	—
Security	High	Pinned `protobufjs` to ^7.5.5 to remediate CVE-2026-45134. Pinned `protobufjs` to ^7.5.5 to remediate CVE-2026-45134. Source: granite4.1:30b@2026-06-01-audit Confidence: low	—
Security	High	Pinned `langsmith` to ^0.6.0 to remediate CVE-2026-45134. Pinned `langsmith` to ^0.6.0 to remediate CVE-2026-45134. Source: granite4.1:30b@2026-06-01-audit Confidence: low	—
Security	High	Pinned `picomatch` to ^2.3.2 to remediate CVE-2026-33671. Pinned `picomatch` to ^2.3.2 to remediate CVE-2026-33671. Source: granite4.1:30b@2026-06-01-audit Confidence: low	—
Security	High	Pinned `@qdrant/js-client-rest` to ^1.18.0 to remediate high-severity CVEs. Pinned `@qdrant/js-client-rest` to ^1.18.0 to remediate high-severity CVEs. Source: granite4.1:30b@2026-06-01-audit Confidence: low	—

Full changelog

Mem0 OpenClaw Plugin (v1.0.12)

Security:

Dependencies: Pinned transitive dependencies via pnpm overrides to remediate high-severity CVEs: protobufjs → ^7.5.5, vite → ^8.0.5, langsmith → ^0.6.0 (CVE-2026-45134), picomatch → ^2.3.2 (CVE-2026-33671), @qdrant/js-client-rest → ^1.18.0

Security Fixes

CVE-2026-45134 — pinned protobufjs to ^7.5.5, vite to ^8.0.5, langsmith to ^0.6.0
CVE-2026-33671 — pinned picomatch to ^2.3.2
CVE‑unspecified — pinned @qdrant/js-client-rest to ^1.18.0

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track mem0

Get notified when new releases ship.

About mem0

Universal memory layer for AI Agents

All releases →

Related context

Related tools

Related CVEs

CVE-2026-33671 NVD KEV EPSS
CVE-2026-45134 NVD KEV EPSS