bl
1000 known vulnerabilities · 79 critical · 126 high
Renovate affected by remote code execution was possible using the bazel-module or bazelisk managers, when using lockFileMaintenance
linux-cmdline is vulnerable to Prototype Pollution via the constructor
Malicious code in tablegen (npm)
muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference
JOSE vulnerable to resource exhaustion via specifically crafted JWE
Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection
Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements
OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths
fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections
Malicious code in react-native-retriable-fetch (npm)
ghost vulnerable to unauthorized newsletter modification via improper access controls
angular vulnerable to regular expression denial of service via the <input type="url"> element
RSA signature validation vulnerability on maleable encoded message in jsrsasign
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers
liquidjs has a Denial of Service via circular block reference in layout
Malicious code in pipedrive-embeddable-ringcentral-phone-spa (npm)
steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments
OpenClaw vulnerable to arbitrary file read via $include directive
Malicious code in stablecoin-aptos (npm)
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`
@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses
mc-kill-port vulnerable to Arbitrary Command Execution via kill function
Flowise: Sensitive Data Leak in public-chatbotConfig
TinaCMS Vulnerable to Path Traversal Leading to Arbitrary File Read, Write and Delete
sanitize-html is vulnerable to XSS through incomprehensive sanitization
Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials
materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input
thlorenz browserify-shim vulnerable to prototype pollution
Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
Malicious code in elf-stats-snowdusted-bauble-104 (npm)
Malicious code in shopify-draggable (npm)
pnpm vulnerable to Command Injection via environment variable substitution
express-param vulnerable to Improper Handling of Extra Parameters
OpenZeppelin Contracts initializer reentrancy may lead to double initialization
printf vulnerable to Regular Expression Denial of Service (ReDoS)
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state
openclaw-claude-bridge: sandbox is not effective - `--allowed-tools ""` does not restrict available tools
Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows
OpenClaw: Matrix profile config persistence was reachable from operator.write message tools
node-tesseract-ocr is vulnerable to OS Command Injection through unsanitized recognize() function parameter
Status Board vulnerable to Cross-Site Scripting before v1.1.82
OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins
Backstage vulnerable to potential reading of SCM URLs using built in token
deepHas vulnerable to Prototype Pollution via constructor.prototype
Hidden fields can be leaked on readable collections in Payload
OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation
Malicious code in lovable-js (npm)
OpenClaw vulnerable to SSRF in src/agents/tools/web-fetch.ts
@stablelib/cbor: Stack exhaustion Denial of Service via deeply nested CBOR arrays, maps, or tags
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow in Flowise
OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution
OpenClaw BlueBubbles webhook auth bypass via loopback proxy trust
OpenClaw Hook Session Key Override Enables Targeted Cross-Session Routing
Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints
TinaCMS CLI Dev Server Vulnerable to Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS
Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
directus vulnerable to Insertion of Sensitive Information into Log File
ApostropheCMS: Information Disclosure via choices/counts Query Parameters Bypassing publicApiProjection Field Restrictions
@siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters
Astro's server source code is exposed to the public if sourcemaps are enabled
Electron: Unquoted executable path in app.setLoginItemSettings on Windows
Fastify's connection header abuse enables stripping of proxy-added headers
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters
OpenClaw's Chrome extension relay binds publicly due to wildcard treated as loopback
OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override
Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling
OpenClaw's unsanitized session ID enables path traversal in transcript file operations
Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate
Ghost vulnerable to information disclosure of private API fields
NPM IP package incorrectly identifies some private IP addresses as public
XSS due to lack of CSRF validation for replying/publishing
@fastify/middie vulnerable to middleware authentication bypass in child plugin scopes
steal vulnerable to Prototype Pollution via requestedVersion variable
undici before v5.8.0 vulnerable to CRLF injection in request headers
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution
Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding
pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"
OpenClaw vulnerable to path traversal (Zip Slip) in archive extraction during explicit installation commands
mcp-package-docs vulnerable to command injection in several tools
Backstage Scaffolder plugin vulnerable to Server-Side Request Forgery
Shescape potential environment variable exposure on Windows with CMD
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
n8n has SQL Injection in Data Table Node via orderByColumn Expression
OpenClaw has incomplete IPv4 special-use SSRF blocking in web fetch guard
Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions
Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code
OpenClaw has an exec allowlist bypass via command substitution/backticks inside double quotes
Malicious code in lovable-react (npm)
Malicious code in a-lbum-do-wnload-avai-lable-file-261573-generations-do7io-mdogom (npm)
Malicious code in ava-ilable-down-load-mp3-today-2013-10071-pure-heroine-vldvc-oyqobe (npm)
Malicious code in do-wnload-available-67250-from-gardens-where-we-feel-secure-1-zuhte-cbguim (npm)
Malicious code in do-wnload-available-88507-inheaven-dfkvm-eunrso (npm)
Malicious code in @azure-tests/perf-storage-blob-track-1 (npm)
Malicious code in down-lo-ad-now-zip-mp3-the-whole-love-f2ts8-cblkgz (npm)
OpenClaw: Chrome --no-sandbox disabled OS-level browser sandbox in sandbox browser container
Malicious code in down-load-available-zip-now-365509-chew-the-scenery-ymqd7-xaqqmu (npm)
Astro development server error page is vulnerable to reflected Cross-site Scripting
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
@stablelib/cbor: Prototype poisoning via `__proto__` map keys in CBOR decoding
Backstage has a Possible Symlink Path Traversal in Scaffolder Actions
Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association
Websites were able to send any requests to the development server and read the response in vite
Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows
Duplicate Advisory: OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens
Bypass of CSRF protection in the presence of predictable userInfo
body-parser vulnerable to denial of service when url encoding is enabled
OpenClaw Twilio voice-call webhook auth bypass when ngrok loopback compatibility is enabled
@webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content
directus vulnerable to HTML Injection in Password Reset email to custom Reset URL
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
@backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint
rgb2hex vulnerable to inefficient regular expression complexity
Multer vulnerable to Denial of Service via memory leaks from unclosed streams
OpenClaw browser navigation guard allowed non-network URL schemes, enabling authenticated browser-tool users to access file:// local files
Parse Server vulnerable to user enumeration via email verification endpoint
Baremetrics date range picker vulnerable to Cross-site Scripting
Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles
MongoDB Shell may be susceptible to control character injection via pasting
Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
SandboxJS Vulnerable to Prototype Pollution -> Sandbox Escape -> RCE
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
window-control vulnerable to Command Injection due to improper input sanitization
Flowise Cross-site Scripting in /api/v1/public-chatflows/id
Possible inject arbitrary `CSS` into the generated graph affecting the container HTML
Directus is vulnerable to sensitive data exposure as user data is not being redacted when logged
angular vulnerable to super-linear runtime due to backtracking
Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints
OpenZeppelin Contracts vulnerable to ECDSA signature malleability
x-data-spreadsheet through 1.1.9 vulnerable to Cross-site Scripting
Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
MCP Server Kubernetes vulnerable to command injection in several tools
sharp vulnerable to Command Injection in post-installation over build environment
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime
screenshot-desktop vulnerable to command Injection via `format` option
GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution
fastify/websocket vulnerable to uncaught exception via crash on malformed packet
Malicious code in async-problem (npm)
Renovate vulnerable to arbitrary command injection via gleam manager and malicious gleam.toml file
Malicious code in azure-storage-blob-changefeed (npm)
Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository
DiracX-Web is vulnerable to attack through an Open Redirect on its login page
Malicious code in @buzzblocks/fetlife-assets (npm)
nanotar is vulnerable to path traversal in parseTar() and parseTarGzip()
algoliasearch-helper is vulnerable to Prototype Pollution in _merge()
@saltcorn/data vulnerable to SQL Injection via jsexprToSQL Literal Handler
Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime
Flowise vulnerable to RCE via Dynamic function constructor injection
@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection
html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)
markdown-it vulnerable to Inefficient Regular Expression Complexity
AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
Paperclip: Malicious skills able to exfiltrate and destroy all user data
Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule
Multer vulnerable to Denial of Service via unhandled exception from malformed request
React Server Components are Vulnerable to RCE
Mojic: Observable Timing Discrepancy in HMAC Verification
Shescape has potential environment variable exposure on Windows with CMD
n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition
send vulnerable to template injection that can lead to XSS
@fastify/static vulnerable to route guard bypass via encoded path separators
@backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()
OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token
MongoDB Shell may be susceptible to control character Injection via shell output
Malicious code in do-wnload-available-5935-dear-9fef6-bjowel (npm)
BrowserStack Local vulnerable to Command Injection through logfile variable
Malicious code in azure-arm-postgresql-flexible-samples-js (npm)
Withdrawn Advisory: Shescape has possible misidentification of shell due to link chains
Malicious code in solana-stable-web-huks (npm)
Modified package published to npm, containing malware that exfiltrates private key material
AWS Lambda parser is vulnerable to Regular Expression Denial of Service
CleverTap Web SDK is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage
Malicious code in roblox-tracer (npm)
Malicious code in non-modular-buildable (npm)
OpenClaw: Memory dreaming config persistence was reachable from operator.write commands
Malicious code in azure-data-tables-js (npm)
Malicious code in azure-data-tables-ts (npm)
angular vulnerable to regular expression denial of service (ReDoS)
OpenClaw: Telegram audio preflight transcription enables resource consumption by unauthorized senders
Malicious code in tailwind-variables (npm)
steal vulnerable to Regular Expression Denial of Service via input variable
generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions
Parse Server has role escalation and CLP bypass via direct `_Join` table write
Malicious code in axios-cancelable (npm)
Docsify vulnerable to cross-site scripting due to mishandled encoding
Feathers has an open redirect in OAuth callback enables account takeover
Nuxt OG Image vulnerable to Server-Side Request Forgery via user-controlled parameters
parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
Malicious code in blobhunter-depconf-poc (npm)
replicator vulnerable to Deserialization of Untrusted Data
OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback)
NocoDB Vulnerable to Stored Cross-Site Scripting via Comments and Rich Text Cells
Child processes spawned by Renovate incorrectly have full access to environment variables
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie()
Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL
Malicious code in blobindexfunc (npm)
Malicious code in block-utxos (npm)
Malicious code in blockcypher-adapter (npm)
Directus vulnerable to Server-Side Request Forgery On File Import
Malicious code in blockly-devtools (npm)
Malicious code in blocks-cloud (npm)
Malicious code in blockstream-adapter (npm)
Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend
jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder
Microsoft Playwright MCP Server vulnerable to DNS Rebinding Attack; Allows Attackers Access to All Server Tools
enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain
OpenClaw: Workspace .env could inject OpenClaw runtime-control variables
thlorenz browserify-shim vulnerable to prototype pollution
ggit is vulnerable to Command Injection via the fetchTags(branch) API
TurboBoost Commands vulnerable to arbitrary method invocation
h3: Double Decoding in `serveStatic` Bypasses `resolveDotSegments` Path Traversal Protection via `%252e%252e`
Materialize-css vulnerable to Improper Neutralization of Input During Web Page Generation
Predictable results in nanoid generation when given non-integer values
Parse Server vulnerable to schema poisoning via prototype pollution in deep copy
Cube Core is vulnerable to Denial of Service (DoS) via crafted request
yapi disables TLS/SSL certificate validation via rejectUnauthorized: false in Axios HTTPS agent
Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability
OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass
JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js
basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration
Malicious code in com.unity.scriptablebuildpipeline (npm)
Unauthorized npm publish of cline@2.3.0 with modified postinstall script
Parse Server vulnerable to session token exfiltration via `redirectClassNameForKey` query parameter
Malicious code in eleventy-high-performance-blog (npm)
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation
fast-xml-parser vulnerable to Regex Injection via Doctype Entities
steal vulnerable to Prototype Pollution via alias variable
Moment.js vulnerable to Inefficient Regular Expression Complexity
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath)
Malicious code in koop-componentenbibliotheek (npm)
Directus vulnerable to unhandled exception on illegal filename_disk value
safe-eval vulnerable to Sandbox Bypass due to improper input sanitization
inflect vulnerable to Inefficient Regular Expression Complexity
gatsby-transformer-remark has possible unsanitized JavaScript code injection
tRPC has possible prototype pollution in `experimental_nextAppDirCaller`
OpenClaw: BlueBubbles Webhook Missing Rate Limiting Enables Brute-Force Password Guessing
NocoBase Has SQL Injection via template variable substitution in workflow SQL node
n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
Parse Server vulnerable to LDAP injection via unsanitized user input in DN and group filter construction
decolua 9router vulnerable to authorization bypass
@actions/core has Delimiter Injection Vulnerability in exportVariable
Malicious code in azure-eventhubs-checkpointstore-blob (npm)
Malicious code in bluebird.node (npm)
Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry
Parse Server before v3.4.1 vulnerable to Denial of Service
OpenAI Codex CLI enables code execution through malicious MCP (Model Context Protocol) configuration files
Malicious code in meshblu-connector-arc-thermometer (npm)
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
Malicious code in moble (npm)
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Malicious code in blockchain-com (npm)
sjcl is missing point-on-curve validation in sjcl.ecc.basicKey.publicKey
Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write
thlorenz browserify-shim vulnerable to prototype pollution
Malicious code in azure-data-tables (npm)
Malicious code in com.tunnelbear.blocker (npm)
Malicious code in azure-storage-blob (npm)
Malicious code in bluejeans-api-rest-meetings (npm)
@electron/packager's build process memory potentially leaked into final executable
Shescape vulnerable to insufficient escaping of whitespace
Malicious code in carousel-enabledx (npm)
node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal
Duplicate Advisory: OpenClaw is vulnerable to unauthenticated resource exhaustion through its voice call webhook handling
fastify vulnerable to denial of service via malicious Content-Type
Renovate vulnerable to arbitrary command injection via hermit manager and maliciously named dependencies
Malicious code in blackberry (npm)
URIjs Vulnerable to Hostname spoofing via backslashes in URL
d3-color vulnerable to ReDoS
Improper Neutralization of Special Elements used in an OS Command in Blamer
@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass
OpenClaw has a CWD `.env` environment variable injection which bypasses host-env policy and allows config takeover
Malicious code in noblox.js-addons (npm)
jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs
Renovate vulnerable to arbitrary command injection via helmv3 manager and malicious Chart.yaml file
Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter
Malicious code in blueconic (npm)
Malicious code in noblox.js-promise (npm)
Undici vulnerable to data leak when using response.arrayBuffer()
Deep Merge is Vulnerable to Prototype Pollution Through Lack of Sanitization
Malicious code in uid2-publisher (npm)
Malicious code in bluehost-wordpress-plugin (npm)
Duplicate Advisory: OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host
Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing)
@cyanheads/git-mcp-server vulnerable to command injection in several tools
Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using `Pandas`.
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable
Malicious code in elitabl2 (npm)
ejs is vulnerable to remote code execution due to weak input validation
Malicious code in bonded-stablecoin (npm)
Malicious code in noblox.js-proxies (npm)
Malicious code in web_enhance_sap-stable (npm)
Malicious code in noblox.js-proxy (npm)
Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package
OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup
Malicious code in oscompatible (npm)
Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries
MongoDB Shell may be susceptible to Control Character Injection via autocomplete
Malicious code in absorblms (npm)
Malicious code in instant_verb_tables_roxanne_burns_pdf___hot___uy4 (npm)
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
yaml is vulnerable to Stack Overflow via deeply nested YAML collections
OpenClaw: Windows-compatible env override keys could bypass system.run approval binding
SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
Malicious code in criteo-static-variables-datasource (npm)
Malicious code in ali-react-table-monorepo (npm)
depath and cool-path vulnerable to Prototype Pollution via `set()` Method
Axios is vulnerable to DoS attack through lack of data size check
Electron protocol handler browser vulnerable to Command Injection
Malicious code in loblaws-mkt-bundle (npm)
OpenClaw: Leaf subagents could steer sibling sessions across sandbox boundaries
Malicious code in storyblok-bridge (npm)
OpenClaw's system.run approvals did not bind mutable script operands across approval and execution
Duplicate Advisory: Nodemailer is vulnerable to DoS through Uncontrolled Recursion
Malicious code in alb-um-availa-ble-zip-mp3-file-38068-its-all-about-to-change-rnonb-pzjjbh (npm)
Malicious code in down-load-available-zip-now-6092-expensive-shit-dzpv2-hzbnea (npm)
Materialize-css vulnerable to Cross-site Scripting in tooltip component
Malicious code in new-al-bum-av-ailable-broken-social-scene-8of7p-zaeaqb (npm)
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
element-plus vulnerable to cross-site scripting (XSS) via el-table-column
Ghost vulnerable to arbitrary file read via symlinks in content import
muhammara and hummus vulnerable to denial of service by NULL pointer dereference
When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible
Malicious code in action-npm-publish (npm)
Duplicate Advisory: OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token
Malicious code in ua-publication-manager (npm)
Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs
Paperclip: codex_local inherited ChatGPT/OpenAI-connected Gmail and was able to send real email
Claude Code vulnerable to command execution prior to startup trust dialog
feathers-sequelize vulnerable to SQL injection due to improper parameter filtering
Unrestricted Upload of File with Dangerous Type in blueimp-file-upload
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Malicious code in @ensdomains/unruggable-gateways (npm)
svelte is vulnerable to XSS with textarea bind:value
node-bluetooth-serial-port is vulnerable to Buffer Overflow via the findSerialPortChannel
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText
@netlify/ipx vulnerable to Full Response SSRF and Stored XSS via Cache Poisoning and Improper Host Validation
Malicious code in text-ytabl (npm)
Malicious code in uniform-reliable-broadcast (npm)
OpenClaw: Security Scan Failure Does Not Block Plugin Installation (Fail-Open)
Duplicate Advisory: OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName
Malicious code in @dev-blinq/ai-qa-logic (npm)
Mafintosh's protocol-buffers-schema is vulnerable to prototype pollution
Malicious code in storyblok-rich-text-astro-renderer-workspace (npm)
OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure
UUPSUpgradeable vulnerability in @openzeppelin/contracts
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion
n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node
OpenClaw Vulnerable to Local File Exfiltration via MCP Tool Result MEDIA: Directive Injection
Sequelize v6 Vulnerable to SQL Injection via JSON Column Cast Type
Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
Vercel Workflow Allows Webhook Creation with Predictable User-Specified Tokens
OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host
@acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization
Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access
Malicious code in blingbling-dasda (npm)
matrix-appservice-irc vulnerable to IRC mode parameter confusion
Malicious code in @zitterorg/probable-octo (npm)
Malicious code in pupeteer-extra-plugin-adblocker (npm)
Malicious code in immutable-axelar-bridge (npm)
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
Font-Converter Vulnerable to Arbitrary Command Injection
apiconnect-cli-plugins vulnerable to OS Command Injection
OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply
Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)
Duplicate Advisory: OpenClaw Telegram webhook request bodies were read before secret validation, enabling unauthenticated resource exhaustion
OpenClaw: MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion
Malicious code in @diotoborg/veniam-blanditiis-sit (npm)
Signal K set-system-time plugin vulnerable to RCE - Command Injection
ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation
EverShop is vulnerable to Unauthorized Order Information Access (IDOR)
Malicious code in ably-engineering (npm)
OpenClaw's Zalouser allowlist authorization matched mutable group names by default
Malicious code in @visiology-public-utilities/language-utils (npm)
Malicious code in @diotoborg/debitis-blanditiis-dolore (npm)
Nuxt OG Image is vulnerable to Denial of Service via unbounded image dimensions
tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File
Malicious code in @diotoborg/iusto-blanditiis-reiciendis (npm)
Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format
Compressing Vulnerable to Arbitrary File Write via Symlink Extraction
node-bluetooth is vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation
Malicious code in alb-um-availa-ble-zip-mp3-file-46046-radical-connector-m2ydd-nirtvy (npm)
Malicious code in alb-um-availa-ble-zip-mp3-file-85058-bright-phoebus-dboqy-oraqvx (npm)
Malicious code in alb-um-availa-ble-zip-mp3-file-a-river-aint-too-much-to-love-0u85h-vysnxq (npm)
Malicious code in avail-able-albu-m-down-load-15496-morning-view-pbn51-tjmcxv (npm)
OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables
Malicious code in new-al-bum-av-ailable-2014-15374-tourniquets-hacksaws-and-graves-53p3g-eabxqr (npm)
Making all attributes on a content-type public without noticing it
Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize
NextAuth.js default redirect callback vulnerable to open redirects
Duplicate Advisory: OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows
serve-static vulnerable to template injection that can lead to XSS
Malicious code in updated-script-roblox-muscle-legends-script-e3lrsz (npm)
Malicious code in bloomr-ts (npm)
Malicious code in hubl-parser (npm)
Malicious code in blockypher (npm)
Directus vulnerable to extraction of password hashes through export querying
Malicious code in blynk-ide (npm)
api-lab-mcp vulnerable to SSRF
mockjs vulnerable to Prototype Pollution via the Util.extend function
@pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution
@nestjs/core vulnerable to Information Exposure via StreamableFile pipe
Malicious code in ablofmyskjtnzdxk (npm)
Solana Pay Vulnerable to Weakness in Transfer Validation Logic
Malicious code in eager-blog (npm)
locutus call_user_func_array vulnerable to Remote Code Execution (RCE) due to Code Injection
matrix-js-sdk vulnerable to invisible eavesdropping in group calls
OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode
Duplicate Advisory: OpenClaw: Telegram Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Secret
Malicious code in working-today--roblox-rise-of-nations-script-8ayh1b (npm)
Malicious code in a-lbum-do-wnload-avai-lable-file-6460-vauxhall-and-i-tc5nk-jqhvlk (npm)
Malicious code in a-lbum-do-wnload-avai-lable-file-volta-j48ol-zfpbbc (npm)
Duplicate Advisory: OpenClaw: BlueBubbles Webhook Missing Rate Limiting Enables Brute-Force Password Guessing
MikroORM is vulnerable to SQL Injection via specially crafted object
Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content
@siteboon/claude-code-ui is Vulnerable to Shell Command Injection in Git Routes
Malicious code in new-al-bum-av-ailable-35600-lived-to-tell-bt7g4-oftaau (npm)
Malicious code in hub-blockly (npm)
automattic/mongoose vulnerable to Prototype pollution via Schema.path
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
Malicious code in noblox.js-vps (npm)
Malicious code in paytm-blink-checkout-vue3-example (npm)
Withdrawn Advisory: fast-redact vulnerable to prototype pollution
Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs
Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
code-server vulnerable to Missing Origin Validation in WebSockets
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex
@nor2/heim-mcp vulnerable to command injection
Malicious code in redirect-nzoblt (npm)
fido2-lib is vulnerable to DoS via cbor-extract heap buffer over-read in CBOR attestation parsing
@google/clasp vulnerable to unsafe path traversal cloning or pulling a malicious script
steal vulnerable to Prototype Pollution via optionName variable
Malicious code in @commute/bloom (npm)
Zod jsVideoUrlParser vulnerable to ReDoS in util.js
SimStudioAI: A function in route.ts is vulnerable to Code Injection
Obsidian Dataview vulnerable to code injection due to unsafe eval
Malicious code in @oku-ui/collapsible (npm)
Malicious code in coolblue-assets (npm)
Parse Server vulnerable to stored cross-site scripting (XSS) via SVG file upload
OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Smoothie vulnerable to Cross-site Scripting when tooltipLabel or strokeStyle are controlled by users
loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
path-to-regexp vulnerable to Denial of Service via sequential optional groups
@fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)
Malicious code in bluepurellwalker (npm)
Malicious code in @blockpro/render (npm)
Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic
Malicious code in core-roblox-utilities (npm)
Malicious code in roblox-badges (npm)
Privilege Escalation due to Blind NoSQL Injection in flintcms
Malicious code in hijack_publish (npm)
n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node
Eta vulnerable to Code Injection via templates rendered with user-defined data
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks
Malicious code in working-today--find-the-simpsons-171-script-roblox-4zlhl1 (npm)
Malicious code in alexpavlov--jquery-suggestable (npm)
FurqanSoftware/node-whois vulnerable to Prototype Pollution
vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host
Malicious code in @juiggitea/ratione-reiciendis-mollitia-blanditiis (npm)
Malicious code in @juiggitea/voluptatem-quos-blanditiis (npm)
Malicious code in down-load-available-zip-now-23630-non-stop-je-te-plie-en-deux-6jxm0-xjqkwj (npm)
Malicious code in down-load-available-zip-now-35816-laughter-lust-jih3q-fajkvi (npm)
Malicious code in blank-ts-repo (npm)
Malicious code in blockchair-adapter (npm)
Malicious code in blockfi (npm)
Malicious code in blockly-samples (npm)
Malicious code in blueprintjs-monorepo (npm)
Malicious code in elf-stats-mulled-bauble-252 (npm)
Malicious code in elf-stats-silvered-bauble-482 (npm)
expand-object Vulnerable to Prototype Pollution via the expand() Function
Malicious code in babel-plugin-blocks (npm)
Bootstrap Multiselect Vulnerable to CSRF and Reflective XSS via Arbitrary POST Data
Leaking sensitive user information still possible by filtering on private with prefix fields
Malicious code in handsontable-examples (npm)
srvx is vulnerable to middleware bypass via absolute URI in request line
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext
Malicious code in blockchain-classic-wallet (npm)
Duplicate Advisory: OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution
Malicious code in prime-one-table (npm)
Malicious code in blob-internal-security-test-f63eabf7 (npm)
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection
Access of Resource Using Incompatible Type in Facebook Hermes
Malicious code in internal_insights_enabled (npm)
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
Ghost vulnerable to Server Side Request Forgery (SSRF) via oEmbed Bookmark
Malicious code in dep-incompatible (npm)
Malicious code in ofblhekwgqynjxvp (npm)
Parse Server has a Cross-Site Scripting (XSS) vulnerability via Unescaped Mustache Template Variables
Paperclip: Stored XSS via javascript: URLs in MarkdownBody — urlTransform override disables react-markdown sanitization
OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable
Malicious code in blur-plugins (npm)
Malicious code in strapi-plugin-blurhash (npm)
devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse
Vite middleware may serve files starting with the same name with the public directory
Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
Malicious code in blackstone-core (npm)
OpenClaw is vulnerable to Path Traversal through path validation bypass
Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow`
Malicious code in aem-react-editable-components (npm)
Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL
OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows
express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled
figma-developer-mcp vulnerable to command injection in get_figma_data tool
Malicious code in accessible-textbook-demo (npm)
Malicious code in mdb-react-sortable (npm)
Malicious code in adblock-resources (npm)
safe-eval vulnerable to Prototype Pollution via the safeEval function
Malicious code in gruntcontriblean (npm)
@fastify/express's middleware path doubling causes authentication bypass in child plugin scopes
Malicious code in bll-cerberus (npm)
Malicious code in vs-table-plugins-antd (npm)
React Editable Json Tree vulnerable to arbitrary code execution via function parsing
Flowise is vulnerable to arbitrary file exposure through its ReadFileTool
Self-hosted n8n has Legacy Code node that enables arbitrary file read/write
Malicious code in aads-blog (npm)
Flowise Vulnerable to PII Disclosure on Unauthenticated Forgot Password Endpoint
Joplin Vulnerable to Cross-site Scripting in Note Content
cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch
OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events
LiveQuery protected field leak via shared mutable state across concurrent subscribers
OpenClaw Telegram allowlist authorization accepted mutable usernames
OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName
Malicious code in minecraft_image_to_blocks (npm)
Markdownify has Files or Directories Accessible to External Parties
http-cache-semantics vulnerable to Regular Expression Denial of Service
Hono vulnerable to Vary Header Injection leading to potential CORS Bypass
@fastify/static vulnerable to path traversal in directory listing
OpenClaw's browser-origin WebSocket auth hardening gap could enable loopback password brute-force chains
OpenClaw vulnerable to sensitive file disclosure via stageSandboxMedia
Malicious code in perf-storage-blob (npm)
lodash vulnerable to Code Injection via `_.template` imports key names
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse
OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable)
mcp-from-openapi is Vulnerable to SSRF via $ref Dereferencing in Untrusted OpenAPI Specifications
OpenClaw: Agentic Consent Bypass — LLM Agent Can Silently Disable Exec Approval via `config.patch`
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
OpenClaw: Telegram Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Secret
OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)
angular-base64-upload vulnerable to unauthenticated remote code execution
ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor
Passport vulnerable to session regeneration when a users logs in or out
client-certificate-auth Vulnerable to Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect
git-archive vulnerable to Command Injection via exports function
Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting
@fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option
OpenClaw Has Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config
Duplicate Advisory: OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback)
simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key enables RCE
Malicious code in anyblock-adapter (npm)
Malicious code in obloq (npm)
Malicious code in blank-ts-monorepo (npm)
Malicious code in blockchain.com-adapter (npm)
markdown-it-decorate vulnerable to cross-site scripting (XSS)
Malicious code in octavius-public (npm)
datatables.net vulnerable to Prototype Pollution due to incomplete fix
Malicious code in public-method-library (npm)
Malicious code in publicrepoui (npm)
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
Parse Server vulnerable to stored XSS via file upload of HTML-renderable file types
Malicious code in blockchain-transactions (npm)
Hono vulnerable to Prototype Pollution possible through __proto__ key allowed in parseBody({ dot: true })
Malicious code in loblaw_common (npm)
OpenClaw is vulnerable to validation bypass through GNU long-option abbreviations in allowlist mode
OpenClaw: Exec environment denylist missed high-risk interpreter startup variables
`vega-functions` vulnerable to Cross-site Scripting via `setdata` function
Malicious code in taxjar-blog (npm)
Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions
Malicious code in caas-assembly (npm)
Malicious code in timeline-airtable (npm)
Unsanitized JavaScript code injection possible in gatsby-plugin-mdx
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
Malicious code in blocto (npm)
TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution
auth0-lock vulnerable to XSS via unsanitized placeholder property
Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default
Malicious code in readabl-steam (npm)
Malicious code in actblue-contributions (npm)
`OpenClaw: session_status` let sandboxed subagents access parent or sibling session state
Malicious code in blacky-sheppoing (npm)
body-parser is vulnerable to denial of service when url encoding is used
Svelte vulnerable to XSS when using objects during server-side rendering
Malicious code in @ensdomains/blacklist (npm)
OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host
node-twain vulnerable to Improper Check or Handling of Exceptional Conditions
Hono Vulnerable to SSE Control Field Injection via CR/LF in writeSSE()
Malicious code in @alexadark/gatsby-theme-wordpress-blog (npm)
Malicious code in ably-forks (npm)
@elgentos/magento2-dev-mcp vulnerable to command injection
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
dottie is vulnerable to Prototype Pollution bypass via non-first path segments in set() and transform()
@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser
OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens
Malicious code in payable-js-ipg-sdk (npm)
Malicious code in human-readable-time-formatter (npm)
Malicious code in aws-public (npm)
serverless MCP Server vulnerable to Command Injection in list-projects tool
Properties-Reader before v2.2.0 vulnerable to prototype pollution
fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key
Malicious code in @azure-tests/perf-data-tables (npm)
Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)
Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline
@backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator
StableLib Ed25519 Signature Malleability via Missing S < L Check
Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment
Malicious code in paytm-blink-checkout-vue2-example (npm)
Malicious code in blockzie-l10n (npm)
OpenClaw Vulnerable to HTML injection via unvalidated image MIME type in data-URL interpolation
Astro vulnerable to reflected XSS via the server islands feature
angular vulnerable to regular expression denial of service via the angular.copy() utility
Duplicate Advisory: OpenClaw's system.run approvals did not bind mutable script operands across approval and execution
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig
fast-filesystem-mcp is vulnerable to command injection through handleGetDiskUsage function
steal Inefficient Regular Expression Complexity vulnerability via string variable
uppy's companion module is vulnerable to Server-Side Request Forgery (SSRF)
Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM
Malicious code in foundry-js-react-blueprint (npm)
Malicious code in blz-internal-pkg (npm)
Malicious code in formidblue (npm)
NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality
Clerk-js vulnerable to bypass of OAuth authentication flow by manipulating request at OTP verification stage
Malicious code in free-roblox-robux-codes-app (npm)
Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories
Agions taskflow-ai vulnerable to os command injection in src/mcp/server/handlers.ts
Malicious code in audible-react-assets (npm)
NocoDB Vulnerable to User Enumeration via Password Reset Endpoint
Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames
Prototype pollution not blocked by object-path related utilities in hoolock
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime
Malicious code in bablpluginsyntaxdynamicimport (npm)
Malicious code in bablpresetpev (npm)
Malicious code in bubble-core (npm)
Malicious code in preloadsmartablejs (npm)
jspdf vulnerable to Regular Expression Denial of Service (ReDoS)
Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client
Malicious code in thumb-assembler (npm)
n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox
Malicious code in vt-blockchain-bootcamp-starter-frontend (npm)
esbuild enables any website to send any requests to the development server and read the response
OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`)
Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy
Malicious code in blockchain-explorer-sdk (npm)
Malicious code in blockchain-wallet-ios (npm)
passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token
Malicious code in noblox.js-ssh (npm)
Svelecte item names vulnerable to execution of arbitrary JavaScript
Malicious code in executables.handler (npm)
Malicious code in loblaws-mkt (npm)
Apollo Federation vulnerable to prototype pollution via incomplete key sanitization
Malicious code in blockchain-contracts (npm)
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
Materialize-css vulnerable to Cross-site Scripting in autocomplete component
Malicious code in console-less-variables (npm)
Malicious code in @emilgroup/public-api-sdk (npm)
OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch
node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway
mxGraph vulnerable to cross-site scripting in setTooltips function
DOMPurify is vulnerable to mutation-XSS via Re-Contextualization
Malicious code in @alexadark/reusable-functions (npm)
Directus Vulnerable to User Enumeration via Password Reset Timing Attack
Flowise is vulnerable to arbitrary file write through its WriteFileTool
Renovate vulnerable to arbitrary command injection via npm manager and malicious Renovate configuration
muhammara and hummus vulnerable to null pointer dereference on bad response object
Malicious code in collapsible-group (npm)
Malicious code in @blackice12/tiny (npm)
OneUptime ClickHouse vulnerable to SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters
Malicious code in @dev-blinq/cucumber_client (npm)
Malicious code in @dev-blinq/ui-systems (npm)
BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability
Malicious code in @ramp106/timetable (npm)
@siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection
Nuxt OG Image is vulnerable to reflected XSS via query parameter injection into HTML attributes
Malicious code in airtable-blocks-internal (npm)
kurwov vulnerable to Denial of Service due to improper data sanitization
Duplicate Advisory: `OpenClaw: session_status` let sandboxed subagents access parent or sibling session state
Malicious code in vulnerable-dependency (npm)
Malicious code in sdm.vendor.zen-observable (npm)
pg-native and libpq vulnerable to uncontrolled resource consumption
Malicious code in eslint-plugin-react-hooks-published (npm)
Malicious code in liblynxtextra.so (npm)
Malicious code in tds-publish (npm)
CleverTap Web SDK is vulnerable to DOM-based XSS via handleCustomHtmlPreviewPostMessageEvent function
SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering
Malicious code in vulnerablbsusuendency (npm)
OpenClaw's incomplete host env sanitization blocklist allows supply-chain redirection via package-manager env overrides
Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD
Malicious code in tslint-blueprint-palantir (npm)
Malicious code in workers-airtable-form (npm)
OpenClaw Telegram webhook request bodies were read before secret validation, enabling unauthenticated resource exhaustion
OpenClaw: system.run approvals did not bind PATH-token executable identity, enabling post-approval executable rebind
OpenClaw: BlueBubbles (optional plugin) pairing/allowlist mismatch when allowFrom is empty
Malicious code in seatable (npm)
TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction
Duplicate Advisory: OpenClaw: system.run approvals did not bind PATH-token executable identity, enabling post-approval executable rebind
Malicious code in ab-smartable (npm)
Qwik vulnerable to Unauthenticated RCE via server$ Deserialization
Malicious code in @amplify-components/amplify-table (npm)
file-type vulnerable to Infinite Loop via malformed MKV file
Malicious code in timhutable (npm)
NodeBB vulnerable to account takeover via prototype vulnerability
OpenClaw vulnerable to path traversal in Feishu media temp-file naming allows writes outside os.tmpdir()
Malicious code in beginners-luck-chance-of-a-lifetime-1-by-kate-clayborn-on-audible-full-chapters- (npm)
OpenClaw has a BlueBubbles group allowlist mismatch via DM pairing-store fallback
Malicious code in iwf-ant-design-draggable-modal (npm)
Parse Server's OAuth2 adapter shares mutable state across providers via singleton instance
Malicious code in @sasmeee/gamble (npm)
rsshub vulnerable to Cross-site Scripting via unvalidated URL parameters
axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header
Malicious code in wagtail-supertable (npm)
Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
Malicious code in @azure-tests/perf-storage-blob (npm)
Multer vulnerable to Denial of Service from maliciously crafted requests
Malicious code in redirect-j5blfb (npm)
Unhead Vulnerable to Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity
Malicious code in noblox.js-beta (npm)
Malicious code in public-tools-and-demos (npm)