bun

bun vulnerable to OS Command Injection

Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo

AutoUpdater module fails to validate certain nested components of the bundle

Missing Origin Validation in parcel-bundler

OpenClaw: Workspace `.env` can override the bundled plugin trust root

Command injection in buns

Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles

Malicious code in bc-bundle (npm)

Malicious code in bunny-v3 (npm)

Basic-auth app bundle credential exposure in gatsby-source-wordpress

Malicious code in com.unity.modules.unitywebrequestassetbundle (npm)

Malicious code in loblaws-mkt-bundle (npm)

Malicious code in ubuntu-drivers-common (npm)

Malicious code in aa-bundler (npm)

Malicious code in abunews-components (npm)

Malicious code in bun-plugin-httpfile (npm)

Malicious code in webbundle-plugins (npm)

Malicious code in com.unity.assetbundlebrowser (npm)

Malicious code in etherbundle (npm)

DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

Malicious code in bundle-text (npm)

Malicious code in microbundle-starter (npm)

Malicious code in @loybung/textfont (npm)

Malicious code in mailru-toolkit-lego-bundle (npm)

Malicious code in @loybung/unicode-fonts (npm)

Malicious code in @loybung/weatherapi (npm)

Malicious code in react-server-dom-unbundled (npm)

Malicious code in @loybung/hyper-client (npm)

Malicious code in com.unity.modules.assetbundle (npm)

OpenClaw: Workspace `.env` can override the bundled hooks root and load attacker hook code

Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS

Prototype pollution in izatop bunt

Malicious code in @ucs-private/rollup-plugin-dts-bundle (npm)

Malicious code in pumpfun-bundle-helpers.js (npm)

Malicious code in domestic-market-bundle (npm)

Malicious code in sol-web3-bundler (npm)

Malicious code in toolbox-bem-bundle (npm)

Storybook manager bundle may expose environment variables during build

Malicious code in tailwindcss-fonts-bundler (npm)

Malicious code in tailwindcss-form-bundler (npm)

Malicious code in json-bundling (npm)

Malicious code in pkl.tmbundle (npm)

Malicious code in monosize-bundler-rsbuild (npm)

Malicious code in @amber-team/report-bundle-diff (npm)

Malicious code in react-svg-bundler (npm)

Malicious code in bunny-v2 (npm)

Malicious code in @loybung/discohook (npm)

Malicious code in @loybung/dous (npm)

Malicious code in @loybung/textreplace (npm)

Malicious code in paymaster-bundler-examples (npm)

Malicious code in odesk.bpa-tsf-calc-bundle (npm)

Malicious code in openai-bun-test (npm)

Malicious code in @loybung/systeminfo (npm)

Malicious code in bundle-cryp (npm)

Malicious code in globalize-bundle (npm)

Malicious code in ifabric-styling-bundle (npm)

Malicious code in web3-bundle-helper.js (npm)

Malicious code in web3-bundle-helpers.js (npm)

Malicious code in bsc-web3-bundler (npm)

Malicious code in test-utils-bundle (npm)

Malicious code in wcebpack-bunde-analyzer (npm)

Malicious code in tailwindcss-forms-bundler (npm)

Malicious code in @asyncapi/bundler (npm)

Malicious code in actions-next-bundle-analyzer (npm)

Malicious code in bundleliep (npm)

Malicious code in @loybung/emoji (npm)

Malicious code in @loybung/encode (npm)

Malicious code in @loybung/inject (npm)

Malicious code in @loybung/launcher (npm)

Malicious code in sentry-bundler-plugin-dev (npm)

Malicious code in @loybung/rdcw-slipverify (npm)

Malicious code in @loybung/weather-api (npm)

Malicious code in @loybung/utils (npm)

Malicious code in @loybung/provider-loader (npm)

Malicious code in jsonify-bundler (npm)