OsVault/npm/canvas
npm

canvas

20 known vulnerabilities · 0 critical · 1 high

CVE-2020-8215HIGH

Buffer overflow in canvas

Published May 7, 2021
MAL-2023-152

Malicious code in caas-canvas (npm)

Published Mar 31, 2023
GHSA-9gvx-vj57-vqqx

Duplicate Advisory: OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication

Published Apr 10, 2026
MAL-2023-158

Malicious code in canvas-text-colorizer (npm)

Published Jun 6, 2023
GHSA-cjv3-m589-v3rx

OpenClaw has Canvas route hardening for mixed-trust deployments

Published Mar 3, 2026
MAL-2024-10898

Malicious code in canvaskit-local (npm)

Published Nov 24, 2024
GHSA-vvjh-f6p9-5vcf

OpenClaw Canvas Authentication Bypass Vulnerability

Published Mar 4, 2026
MAL-2026-1040

Malicious code in react-markdown-canvas (npm)

Published Feb 23, 2026
MAL-2022-6186

Malicious code in snapcanvas-sdk (npm)

Published Jun 20, 2022
MAL-2025-3620

Malicious code in flashcanvas (npm)

Published May 6, 2025
GHSA-jq4x-98m3-ggq6

OpenClaw Canvas Path Traversal Information Disclosure Vulnerability

Published Mar 2, 2026
MAL-2022-2480

Malicious code in discord-canvases (npm)

Published Sep 21, 2022
MAL-2023-833

Malicious code in td-service-canvas (npm)

Published Mar 31, 2023
MAL-2026-3189

Malicious code in react-video-canvas (npm)

Published Apr 29, 2026
MAL-2024-71

Malicious code in cordova-plugin-canvas (npm)

Published Jan 11, 2024
MAL-2026-2524

Malicious code in a2a-chat-canvas (npm)

Published Apr 6, 2026
MAL-2023-8479

Malicious code in rb-seatlayout-canvas (npm)

Published Nov 7, 2023
GHSA-6mqc-jqh6-x8fc

OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication

Published Mar 26, 2026
MAL-2025-5490

Malicious code in canvas-chache-kit (npm)

Published Jun 30, 2025
MAL-2025-4641

Malicious code in canvas-helper-kit (npm)

Published Jun 4, 2025
Check your entire dependency tree at onceRun dependency scan →