OsVault/npm/cli
npm5 critical

cli

568 known vulnerabilities · 5 critical · 16 high

CVE-2016-10538LOW

Arbitrary File Write in cli

Published Feb 18, 2019
CVE-2020-24855MEDIUM

easywebpack-cli Path Traversal vulnerability

Published Dec 15, 2022
GHSA-3xx2-mqjm-hg9x

Paperclip: Cross-tenant agent API key IDOR in `/agents/:id/keys` routes allows full victim-company compromise

Published Apr 16, 2026
GHSA-47wq-cj9q-wpmp

Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys

Published Apr 16, 2026
MAL-2025-191495

Malicious code in @bingads-webui-clientcenter/instrumentation (npm)

Published Dec 1, 2025
MAL-2025-191517

Malicious code in mongodb-atlas-cli-toc-generator (npm)

Published Dec 1, 2025
MAL-2025-191516

Malicious code in markdownlint-cli2-action (npm)

Published Dec 1, 2025
GHSA-cr3w-cw5w-h3fj

Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE

Published Jan 26, 2026
MAL-2025-2017

Malicious code in aws-features-signin-proxy-client (npm)

Published Mar 3, 2025
MAL-2025-2716

Malicious code in vistar-ad-clienttestadv3 (npm)

Published Mar 25, 2025
MAL-2026-1690

Malicious code in chain-promised-cli (npm)

Published Mar 18, 2026
MAL-2026-2420

Malicious code in @_wnpm/wnpm-cli (npm)

Published Apr 2, 2026
CVE-2026-28792

TinaCMS CLI Dev Server Vulnerable to Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS

Published Mar 12, 2026
MAL-2026-3005

Malicious code in changelog-cli-logger (npm)

Published Apr 23, 2026
CVE-2016-10536MEDIUM

Insecure Defaults Allow MITM Over TLS in engine.io-client

Published Feb 18, 2019
MAL-2022-1059

Malicious code in apollocli8ent (npm)

Published Aug 19, 2022
MAL-2024-8821

Malicious code in apigeeclientlib (npm)

Published Sep 5, 2024
CVE-2026-34773MEDIUM
Risk: 23.51/100

Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows

Published Apr 3, 2026
CVE-2024-38987MEDIUM

@aofl/cli-lib Prototype Pollution vulnerability

Published Jul 1, 2024
CVE-2017-16155HIGH

Directory Traversal in fast-http-cli

Published Jul 23, 2018
CVE-2021-4326LOW

Imperative CLI vulnerable to Command Injection

Published Mar 1, 2023
MAL-2024-9551

Malicious code in client-lambda (npm)

Published Oct 16, 2024
CVE-2026-27492

Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused

Published Feb 20, 2026
CVE-2021-27185CRITICAL

Command injection in samba-client

Published Feb 11, 2021
CVE-2020-15095MEDIUM

npm CLI exposing sensitive information through logs

Published Jul 7, 2020
CVE-2026-22819

Outray has a Race Condition in the cli's webapp

Published Jan 13, 2026
CVE-2023-23925HIGH

Switcher Client contains Regular Expression Denial of Service (ReDoS)

Published Feb 2, 2023
GHSA-96qw-h329-v5rg

Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles

Published Jan 8, 2026
CVE-2024-6783

vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)

Published Jul 23, 2024
GHSA-4hmj-39m8-jwc7

OpenClaw has ACP CLI approval prompt ANSI escape sequence injection

Published Mar 29, 2026
CVE-2020-11021MEDIUM

Http request which redirect to another hostname do not strip authorization header in @actions/http-client

Published Apr 29, 2020
CVE-2023-50974MEDIUM

Apprite CLI makes Use of Hard-coded Credentials

Published Jan 9, 2024
CVE-2026-29783

GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution

Published Mar 6, 2026
GHSA-vr7g-88fq-vhq3

Paperclip: OS Command Injection via Execution Workspace cleanupCommand

Published Apr 16, 2026
CVE-2021-37700MEDIUM

Clipboard-based DOM-XSS

Published Aug 12, 2021
MAL-2022-2659

Malicious code in eclipse-typescript (npm)

Published Jun 20, 2022
CVE-2026-1528

Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client

Published Mar 13, 2026
MAL-2022-2673

Malicious code in edx_cli (npm)

Published Jun 20, 2022
MAL-2023-584

Malicious code in marketplace-frontend-client-config (npm)

Published Apr 3, 2023
CVE-2025-54139

HAX CMS application pages vulnerable to clickjacking

Published Jul 21, 2025
GHSA-w8hx-hqjv-vjcq

Paperclip: Malicious skills able to exfiltrate and destroy all user data

Published Apr 16, 2026
CVE-2017-16121HIGH

Directory Traversal in datachannel-client

Published Jul 23, 2018
MAL-2023-776

Malicious code in signalr-temp-client (npm)

Published Jul 16, 2023
GHSA-5847-rm3g-23mw

OpenClaw has hook auth rate limiter bypass via IPv4-mapped IPv6 client key variants

Published Mar 3, 2026
MAL-2024-10432

Malicious code in ganach-cli (npm)

Published Nov 6, 2024
GHSA-xfqj-r5qw-8g4j

Paperclip: Unauthenticated Access to Multiple API Endpoints in Authenticated Mode

Published Apr 16, 2026
GHSA-xr8f-h2gw-9xh6

OAuth 2.1 Provider: Unprivileged users can register OAuth clients

Published Apr 16, 2026
CVE-2026-32306

OneUptime ClickHouse SQL Injection via Aggregate Query Parameters

Published Mar 13, 2026
MAL-2025-190962

Malicious code in haufe-axera-api-client (npm)

Published Nov 24, 2025
MAL-2026-3070

Malicious code in @tw-marionette/clipboard (npm)

Published Apr 26, 2026
GHSA-5hff-46vh-rxmw

OpenClaw: Read-scoped identity-bearing HTTP clients could kill sessions via /sessions/:sessionKey/kill

Published Apr 7, 2026
CVE-2022-40764HIGH

Snyk CLI affected by Command Injection vulnerability

Published Oct 4, 2022
MAL-2025-192618

Malicious code in adk-cli (npm)

Published Dec 19, 2025
MAL-2022-1833

Malicious code in cart-client-js (npm)

Published Jun 20, 2022
CVE-2016-10657HIGH

Downloads Resources over HTTP in co-cli-installer

Published Feb 18, 2019
MAL-2022-1667

Malicious code in brave-bitgo-client (npm)

Published Jun 13, 2022
CVE-2017-16058HIGH

gruntcli is malware

Published Nov 9, 2018
MAL-2022-1860

Malicious code in centrifuge-cli (npm)

Published Jun 20, 2022
CVE-2016-1000230

XSS in client rendered block templates in rendr

Published Sep 1, 2020
MAL-2025-3609

Malicious code in apache-httpclient (npm)

Published May 6, 2025
GHSA-68qg-g8mg-6pr7

paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass

Published Apr 10, 2026
MAL-2022-1926

Malicious code in client-sdk-contract-tests (npm)

Published Jun 20, 2022
MAL-2022-1929

Malicious code in clinstestpackage (npm)

Published May 16, 2022
GHSA-rp42-5vxx-qpwr

basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()

Published Apr 16, 2026
MAL-2022-2192

Malicious code in core-client-1 (npm)

Published Jun 20, 2022
CVE-2026-25528

LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection

Published Feb 9, 2026
CVE-2018-6333CRITICAL

Nuclide Improper Input Validation

Published May 13, 2022
GHSA-9ppg-jx86-fqw7

Unauthorized npm publish of cline@2.3.0 with modified postinstall script

Published Feb 19, 2026
MAL-2022-2657

Malicious code in eclipse-megamovie-build (npm)

Published Jun 20, 2022
GHSA-6xg4-82hv-cp6f

OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing

Published Mar 31, 2026
CVE-2021-34435HIGH

Remote code execution in Eclipse Theia

Published Sep 2, 2021
MAL-2022-2384

Malicious code in dds-client-side-logger (npm)

Published Jun 20, 2022
CVE-2021-32809MEDIUM

Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality

Published Aug 23, 2021
MAL-2022-238

Malicious code in @epc-infra/clinstestpackage (npm)

Published May 16, 2022
MAL-2022-4537

Malicious code in media-types-v3-lro-client (npm)

Published Jun 20, 2022
CVE-2026-32898

OpenClaw ACP client has permission auto-approval bypass via untrusted tool metadata

Published Feb 27, 2026
MAL-2022-3269

Malicious code in ganache-cli-coverage (npm)

Published Sep 13, 2022
MAL-2022-4817

Malicious code in newclick-components (npm)

Published Jun 20, 2022
GHSA-w2fm-25vw-vh7f

mcp-handler has a tool response leak across concurrent client sessions ('Race Condition')

Published Apr 1, 2026
MAL-2022-3939

Malicious code in iot-central-high-availability-clients (npm)

Published Jun 20, 2022
GHSA-2f7j-rp58-mr42

OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients

Published Apr 7, 2026
GHSA-xrxf-jgv3-qmrm

OpenAI Codex CLI enables code execution through malicious MCP (Model Context Protocol) configuration files

Published Apr 14, 2026
CVE-2021-39134HIGH

@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following

Published Aug 31, 2021
CVE-2026-24047

@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass

Published Jan 21, 2026
CVE-2026-32029

OpenClaw improperly parses X-Forwarded-For behind trusted proxies allows client IP spoofing in security decisions

Published Mar 3, 2026
MAL-2022-1595

Malicious code in bitpay-rest-client (npm)

Published Jun 20, 2022
MAL-2022-4818

Malicious code in newclick-composite-components (npm)

Published Jun 20, 2022
MAL-2022-6493

Malicious code in test-task-react-client (npm)

Published Jun 20, 2022
MAL-2022-1047

Malicious code in apimanagementclient (npm)

Published Jun 20, 2022
MAL-2022-1050

Malicious code in apl-client (npm)

Published Sep 26, 2022
MAL-2022-1755

Malicious code in ca-bucky-client (npm)

Published Sep 19, 2022
MAL-2022-1927

Malicious code in client-sync (npm)

Published Jun 20, 2022
MAL-2022-1928

Malicious code in clientlib-manifests (npm)

Published Jun 20, 2022
MAL-2022-1930

Malicious code in clipobard (npm)

Published Aug 19, 2022
MAL-2022-1931

Malicious code in clispmner (npm)

Published Aug 19, 2022
MAL-2022-6077

Malicious code in share-service-client (npm)

Published Jun 20, 2022
CVE-2026-25536

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

Published Feb 4, 2026
MAL-2022-1756

Malicious code in cabelcli (npm)

Published Aug 19, 2022
MAL-2022-1831

Malicious code in carpenter-api-client (npm)

Published Jun 20, 2022
MAL-2022-1924

Malicious code in click-out-report-website (npm)

Published Jun 20, 2022
MAL-2022-870

Malicious code in adroit-websdk-client (npm)

Published May 16, 2022
MAL-2022-3228

Malicious code in frontend-restclient (npm)

Published Jun 20, 2022
MAL-2022-3455

Malicious code in grenache-fib-client (npm)

Published Jun 20, 2022
CVE-2025-11953

@react-native-community/cli has arbitrary OS command injection

Published Nov 3, 2025
GHSA-3cw3-5vxw-g2h3

OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials

Published Mar 31, 2026
MAL-2024-10893

Malicious code in kiosk-cli (npm)

Published Nov 23, 2024
MAL-2023-8109

Malicious code in inteken-app-client (npm)

Published Sep 16, 2023
CVE-2026-26326

OpenClaw skills.status could leak secrets to operator.read clients

Published Feb 17, 2026
GHSA-8mpm-q7mh-8fvh

Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing)

Published Mar 18, 2026
CVE-2026-22820

Outray cli is vulnerable to race conditions in tunnels creation

Published Jan 13, 2026
GHSA-3pw3-v88x-xj24

Paperclip: Arbitrary File Read via Agent-Controlled adapterConfig.instructionsFilePath

Published Apr 16, 2026
MAL-2024-11235

Malicious code in appetize-cli (npm)

Published Dec 8, 2024
MAL-2022-7159

Malicious code in wix-bi-logger-client (npm)

Published Sep 2, 2022
MAL-2023-190

Malicious code in cms-serviceclients (npm)

Published Mar 15, 2023
MAL-2023-191

Malicious code in cms-serviceclients-extensions (npm)

Published Mar 15, 2023
MAL-2024-10755

Malicious code in marketing-jest-cli (npm)

Published Nov 14, 2024
MAL-2022-2679

Malicious code in eg-clickstream-sdk-js (npm)

Published Jun 8, 2022
MAL-2022-30

Malicious code in 47cliens_server (npm)

Published Jun 20, 2022
MAL-2022-6702

Malicious code in twitch-intl-cli (npm)

Published Jun 20, 2022
MAL-2023-646

Malicious code in oc-active-conversation-module-client (npm)

Published Apr 20, 2023
MAL-2022-4275

Malicious code in legacy-client-ebay (npm)

Published Sep 14, 2022
MAL-2024-8877

Malicious code in afe-host-client (npm)

Published Sep 16, 2024
CVE-2026-30827

express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network

Published Mar 6, 2026
MAL-2022-6806

Malicious code in uphold-client-credentials-oauth (npm)

Published Jun 20, 2022
MAL-2022-6807

Malicious code in uphold-client-credentials-oauth-sample (npm)

Published Jun 20, 2022
MAL-2022-4592

Malicious code in miew-cli (npm)

Published Jun 20, 2022
MAL-2025-1114

Malicious code in discordjs-webclients (npm)

Published Feb 3, 2025
MAL-2022-7378

Malicious code in zcli-monorepo (npm)

Published Jun 20, 2022
GHSA-9f4w-67g7-mqwv

OpenClaw: Endpoint persists after trust decline, leaking gateway credentials

Published Apr 3, 2026
CVE-2021-39135HIGH

UNIX Symbolic Link (Symlink) Following in @npmcli/arborist

Published Aug 31, 2021
GHSA-gqqj-85qm-8qhf

Paperclip: codex_local inherited ChatGPT/OpenAI-connected Gmail and was able to send real email

Published Apr 16, 2026
CVE-2019-17636HIGH

Insufficient Verification of Data Authenticity in Eclipse Theia

Published Apr 13, 2021
MAL-2023-811

Malicious code in startrek-client (npm)

Published Jan 30, 2023
MAL-2022-760

Malicious code in @xvideos/core-clients (npm)

Published Jun 20, 2022
MAL-2023-8432

Malicious code in qlkube-client (npm)

Published Nov 5, 2023
MAL-2025-190902

Malicious code in @postman/mcp-ui-client (npm)

Published Nov 24, 2025
CVE-2020-27224CRITICAL

Cross-site Scripting (XSS) in Eclipse Theia

Published Apr 13, 2021
GHSA-f37v-82c4-4x64

Electron: Crash in clipboard.readImage() on malformed clipboard image data

Published Apr 7, 2026
CVE-2020-7633CRITICAL

apiconnect-cli-plugins vulnerable to OS Command Injection

Published May 24, 2021
MAL-2024-10769

Malicious code in preact-cli-build (npm)

Published Nov 15, 2024
MAL-2025-191369

Malicious code in @voiceflow/runtime-client-js (npm)

Published Nov 25, 2025
MAL-2024-7926

Malicious code in ampersend-client (npm)

Published Aug 7, 2024
CVE-2026-25253

OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl

Published Feb 2, 2026
GHSA-p7mm-r948-4q3q

Paperclip: Approval decision attribution spoofing via client-controlled `decidedByUserId` in paperclip server

Published Apr 16, 2026
MAL-2024-1674

Malicious code in mwp-localtunnel-client (npm)

Published Jun 27, 2024
MAL-2025-191422

Malicious code in selenium-session-client (npm)

Published Nov 25, 2025
MAL-2024-1607

Malicious code in elasticsearch-client-specification (npm)

Published Jun 13, 2024
MAL-2024-10497

Malicious code in client-req-bans (npm)

Published Nov 7, 2024
MAL-2024-10498

Malicious code in client-req-scopes (npm)

Published Nov 7, 2024
MAL-2024-9552

Malicious code in client-s3 (npm)

Published Oct 16, 2024
MAL-2022-7385

Malicious code in zeroclickinfo-goodies (npm)

Published Jun 20, 2022
MAL-2025-1123

Malicious code in firehose-poc-client (npm)

Published Feb 3, 2025
CVE-2021-41086HIGH

Clipboard-based XSS

Published Sep 22, 2021
MAL-2024-10862

Malicious code in spex-node-client (npm)

Published Nov 20, 2024
MAL-2024-8

Malicious code in @authentication-pages/vue-cli-prebuild (npm)

Published Jan 2, 2024
MAL-2025-1215

Malicious code in drift-v1-cli (npm)

Published Feb 3, 2025
MAL-2022-4933

Malicious code in npm-cli-docs (npm)

Published Jun 20, 2022
MAL-2024-7923

Malicious code in advertising-api-javascript-client (npm)

Published Aug 7, 2024
MAL-2025-190660

Malicious code in @asyncapi/modelina-cli (npm)

Published Nov 24, 2025
MAL-2025-190841

Malicious code in evm-checkcode-cli (npm)

Published Nov 24, 2025
MAL-2025-47856

Malicious code in pc-analytics-promotion-creation-client (npm)

Published Sep 24, 2025
MAL-2025-191284

Malicious code in @pergel/cli (npm)

Published Nov 25, 2025
MAL-2025-191026

Malicious code in @lessondesk/api-client (npm)

Published Nov 24, 2025
MAL-2025-191060

Malicious code in @varsityvibe/api-client (npm)

Published Nov 24, 2025
MAL-2025-2436

Malicious code in xeno-client (npm)

Published Mar 14, 2025
MAL-2025-191549

Malicious code in multer-cli (npm)

Published Dec 2, 2025
CVE-2024-6833

Zowe CLI allows storage of previously entered secure credentials in a plaintext file

Published Jul 17, 2024
MAL-2022-155

Malicious code in @btu-tools/master-builder-client (npm)

Published Jun 20, 2022
MAL-2025-5905

Malicious code in crypto-com-developer-platform-client (npm)

Published Jul 15, 2025
MAL-2025-2715

Malicious code in vistar-ad-clienttestadv2 (npm)

Published Mar 25, 2025
CVE-2026-28787

OneUptime has WebAuthn 2FA bypass: server accepts client-supplied challenge instead of server-stored value, allowing credential replay

Published Mar 2, 2026
MAL-2026-2

Malicious code in common-cli-utils (npm)

Published Jan 1, 2026
MAL-2025-192409

Malicious code in ecmascript-runtime-client (npm)

Published Dec 10, 2025
MAL-2026-1380

Malicious code in cline (npm)

Published Mar 12, 2026
MAL-2026-1578

Malicious code in browser-gaming-client (npm)

Published Mar 19, 2026
MAL-2025-2609

Malicious code in eclipse-tractusx-github-io (npm)

Published Mar 24, 2025
MAL-2025-3597

Malicious code in msl-example-client (npm)

Published May 4, 2025
MAL-2026-1635

Malicious code in @polymarket-developers/clob-client (npm)

Published Mar 18, 2026
MAL-2025-48569

Malicious code in mender-cli (npm)

Published Oct 24, 2025
GHSA-fpw4-p57j-hqmq

Paperclip: Stored XSS via javascript: URLs in MarkdownBody — urlTransform override disables react-markdown sanitization

Published Apr 16, 2026
CVE-2026-34750MEDIUM
Risk: 32.52/100

Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints

Published Apr 1, 2026
MAL-2026-211

Malicious code in @workleap-widgets/client (npm)

Published Jan 12, 2026
GHSA-fw9q-39r9-c252

LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`

Published Apr 10, 2026
MAL-2025-4564

Malicious code in iot-sdk-device-client-rest-api (npm)

Published May 26, 2025
MAL-2026-1639

Malicious code in @uc-platform/advertisement-service-client (npm)

Published Mar 18, 2026
MAL-2025-264

Malicious code in zk-settlement-client (npm)

Published Jan 20, 2025
MAL-2026-1681

Malicious code in chai-promised-cli (npm)

Published Mar 18, 2026
MAL-2026-1713

Malicious code in dotenv-node-cli (npm)

Published Mar 18, 2026
MAL-2026-95

Malicious code in x-clients-features (npm)

Published Jan 6, 2026
MAL-2026-1802

Malicious code in node-cli-dotenv (npm)

Published Mar 18, 2026
MAL-2022-3058

Malicious code in fitbit-connect-client-api (npm)

Published Jun 20, 2022
MAL-2026-1424

Malicious code in @3stripes/api-client (npm)

Published Mar 15, 2026
MAL-2026-2605

Malicious code in kaltura-ngx-client (npm)

Published Apr 13, 2026
MAL-2026-2607

Malicious code in stats-api-js-client (npm)

Published Apr 13, 2026
MAL-2025-3679

Malicious code in bitpay-push-notification-client (npm)

Published May 7, 2025
MAL-2022-4536

Malicious code in media-types-v3-client (npm)

Published Jun 20, 2022
MAL-2025-48750

Malicious code in paysafe-client-proxy (npm)

Published Oct 23, 2025
MAL-2025-3768

Malicious code in mag-client (npm)

Published May 12, 2025
MAL-2026-2764

Malicious code in gemini-cli-vscode-ide-companion (npm)

Published Apr 16, 2026
MAL-2025-5893

Malicious code in artifact-registry-client (npm)

Published Jul 15, 2025
MAL-2026-1674

Malicious code in chai-await-cli (npm)

Published Mar 18, 2026
GHSA-rcx4-77x4-hjx5

Duplicate Advisory: OpenClaw ACP client has permission auto-approval bypass via untrusted tool metadata

Published Mar 21, 2026
GHSA-rvqr-hrcc-j9vv

OpenClaw: Bonjour/DNS-SD TXT metadata steers CLI routing after failed service resolution

Published Mar 26, 2026
MAL-2026-156

Malicious code in sparkling-cli (npm)

Published Jan 8, 2026
MAL-2023-1342

Malicious code in webpack-cli.legacy (npm)

Published May 1, 2023
MAL-2026-1744

Malicious code in house-click (npm)

Published Mar 18, 2026
MAL-2025-190833

Malicious code in bytecode-checker-cli (npm)

Published Nov 24, 2025
CVE-2026-25651

client-certificate-auth Vulnerable to Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect

Published Feb 6, 2026
CVE-2026-2229

Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation

Published Mar 13, 2026
GHSA-vfw7-6rhc-6xxg

OpenClaw Has Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config

Published Apr 7, 2026
MAL-2022-4961

Malicious code in nsg-setclient (npm)

Published Jun 20, 2022
MAL-2024-8036

Malicious code in platform-client-messaging-service (npm)

Published Aug 26, 2024
MAL-2024-8039

Malicious code in system-library-gameanalytics-client (npm)

Published Aug 26, 2024
MAL-2026-2358

Malicious code in env-cli-express (npm)

Published Mar 24, 2026
MAL-2022-1855

Malicious code in cdk-cli-wrapper (npm)

Published Jun 20, 2022
CVE-2024-47885

DOM Clobbering Gadget found in astro's client-side router that leads to XSS

Published Oct 14, 2024
MAL-2022-552

Malicious code in @radancy/dropr-client (npm)

Published Jun 30, 2022
MAL-2026-309

Malicious code in sd-pdc-module-client (npm)

Published Jan 16, 2026
MAL-2025-2238

Malicious code in angularonlineauthclient (npm)

Published Mar 11, 2025
MAL-2026-365

Malicious code in telia-eventapi-client (npm)

Published Jan 20, 2026
CVE-2016-10597MEDIUM

Downloads Resources over HTTP in cobalt-cli

Published Feb 18, 2019
MAL-2024-11001

Malicious code in scan-cli (npm)

Published Nov 27, 2024
GHSA-3hfp-gqgh-xc5g

Axios supply chain attack - dependency in @lightdash/cli may resolve to compromised axios versions

Published Apr 2, 2026
MAL-2024-10848

Malicious code in npm-cli-release-please (npm)

Published Nov 20, 2024
MAL-2025-190671

Malicious code in @posthog/cli (npm)

Published Nov 24, 2025
MAL-2022-6246

Malicious code in spotify-abba-client (npm)

Published Jun 20, 2022
CVE-2026-33941

Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Published Mar 27, 2026
MAL-2025-191484

Malicious code in browser-client-neptune (npm)

Published Nov 28, 2025
CVE-2025-6624

Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode

Published Jun 26, 2025
MAL-2025-4799

Malicious code in @loybung/hyper-client (npm)

Published Jun 10, 2025
MAL-2022-6369

Malicious code in svc-js-cli (npm)

Published Jun 20, 2022
MAL-2025-190908

Malicious code in @postman/postman-mcp-cli (npm)

Published Nov 24, 2025
MAL-2025-47348

Malicious code in sensay-cli (npm)

Published Sep 16, 2025
MAL-2025-48687

Malicious code in graphclient (npm)

Published Oct 26, 2025
MAL-2022-228

Malicious code in @elektra-web/client (npm)

Published Jun 20, 2022
MAL-2022-1184

Malicious code in avax-js-cli-tools (npm)

Published Aug 2, 2022
CVE-2026-0775

Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Published Jan 23, 2026
MAL-2026-3016

Malicious code in amazon-q-developer-streaming-client (npm)

Published Apr 23, 2026
MAL-2026-3020

Malicious code in @bitwarden/cli (npm)

Published Apr 23, 2026
CVE-2025-66035

Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client

Published Nov 26, 2025
MAL-2022-651

Malicious code in @tinkoff-react-bui/click-outside (npm)

Published Jun 20, 2022
MAL-2025-1946

Malicious code in traceviz-client-core (npm)

Published Mar 3, 2025
CVE-2017-16060HIGH

babelcli is malware

Published Aug 29, 2018
CVE-2025-64756

glob CLI: Command injection via -c/--cmd executes matches with shell:true

Published Nov 17, 2025
MAL-2023-179

Malicious code in clientcore-base-serviceclients (npm)

Published Mar 15, 2023
MAL-2022-2915

Malicious code in exchange_clients (npm)

Published Jun 20, 2022
MAL-2025-2281

Malicious code in simple-progress-cli (npm)

Published Mar 11, 2025
MAL-2022-4502

Malicious code in mattermost-oauth2-client-sample-app (npm)

Published Jun 20, 2022
MAL-2022-4972

Malicious code in nuclide-marshalers-client (npm)

Published Jun 20, 2022
MAL-2025-3121

Malicious code in telegram-client (npm)

Published Apr 3, 2025
MAL-2025-1222

Malicious code in markdownalint-cli2 (npm)

Published Feb 3, 2025
MAL-2022-616

Malicious code in @strava/clio (npm)

Published Jun 13, 2022
MAL-2025-3227

Malicious code in @x-mlbtv/client-utils (npm)

Published Apr 17, 2025
MAL-2025-346

Malicious code in telegramclients (npm)

Published Jan 22, 2025
CVE-2026-28794

`@orpc/client` has Prototype Pollution via `StandardRPCJsonSerializer` Deserialization

Published Mar 2, 2026
MAL-2025-3562

Malicious code in minicom-support-client (npm)

Published May 1, 2025
CVE-2026-33142

OneUptime ClickHouse vulnerable to SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters

Published Mar 18, 2026
MAL-2025-191213

Malicious code in @dev-blinq/cucumber_client (npm)

Published Nov 24, 2025
MAL-2025-48439

Malicious code in swagger-express-cli (npm)

Published Oct 17, 2025
MAL-2022-6632

Malicious code in training-client (npm)

Published Jul 21, 2022
MAL-2026-703

Malicious code in @x-clients/features (npm)

Published Feb 3, 2026
MAL-2022-5653

Malicious code in react-ldclient-default-values (npm)

Published Jun 20, 2022
MAL-2025-3905

Malicious code in meta-ai-client (npm)

Published May 16, 2025
MAL-2022-6572

Malicious code in tilled-api-client (npm)

Published Jun 20, 2022
MAL-2022-6364

Malicious code in sushi-client (npm)

Published May 31, 2022
MAL-2022-2200

Malicious code in corewebclient (npm)

Published Jun 20, 2022
MAL-2022-1921

Malicious code in cli-e2e (npm)

Published Jun 20, 2022
MAL-2025-3501

Malicious code in needlecast_mvd_ads_site_client (npm)

Published Apr 28, 2025
MAL-2025-3519

Malicious code in @reserach_org_jfhalsdhfkslsfds/openai-client-gadfjgfsf (npm)

Published Apr 29, 2025
MAL-2022-2448

Malicious code in deskera-cli (npm)

Published Jun 20, 2022
MAL-2022-6413

Malicious code in tag-manager-client (npm)

Published Jun 20, 2022
CVE-2026-29066

TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction

Published Mar 12, 2026
MAL-2022-2459

Malicious code in dexclient (npm)

Published Oct 5, 2022
MAL-2025-4440

Malicious code in mexc-cli (npm)

Published May 26, 2025
MAL-2025-4447

Malicious code in prisma-clients (npm)

Published May 26, 2025
MAL-2025-396

Malicious code in bookingcom-api-client (npm)

Published Jan 24, 2025
MAL-2022-81

Malicious code in @arkadium/eagle-user-client (npm)

Published Sep 14, 2022
MAL-2025-4953

Malicious code in mdp-client (npm)

Published Jun 13, 2025
MAL-2025-4313

Malicious code in client-file-manager-module (npm)

Published May 23, 2025
MAL-2025-4314

Malicious code in client-microsite-reactjs-controls (npm)

Published May 23, 2025
MAL-2022-6915

Malicious code in videoclientedgecooperation (npm)

Published Jun 20, 2022
MAL-2022-2537

Malicious code in dkpusherclient (npm)

Published Jun 20, 2022
MAL-2023-647

Malicious code in oc-ccm-module-client (npm)

Published Apr 20, 2023
MAL-2022-6981

Malicious code in vso-service-worker-client (npm)

Published Jun 13, 2022
CVE-2026-22785

orval MCP client is vulnerable to a code injection attack.

Published Jan 13, 2026
MAL-2025-192660

Malicious code in @sodexo-connect/sap-cdc-client (npm)

Published Dec 19, 2025
MAL-2023-1570

Malicious code in @dpdgroupuk/your-dpd-rest-api-client (npm)

Published Aug 24, 2023
MAL-2023-791

Malicious code in speedtestclix (npm)

Published Jan 18, 2023
GHSA-265w-rf2w-cjh4

Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution

Published Apr 16, 2026
MAL-2022-1923

Malicious code in clicio (npm)

Published Aug 19, 2022
MAL-2022-2658

Malicious code in eclipse-tslint (npm)

Published Jun 20, 2022
MAL-2022-2726

Malicious code in emberclihtmcbars (npm)

Published Aug 19, 2022
MAL-2023-715

Malicious code in python-statface-client (npm)

Published Jan 30, 2023
MAL-2025-5839

Malicious code in @platform-clientextensions/rum-web (npm)

Published Jul 9, 2025
CVE-2025-65098

Typebot affected by Credential Theft via Client-Side Script Execution and API Authorization Bypass

Published Jan 22, 2026
MAL-2022-3459

Malicious code in grenache-nodejs-fib-client (npm)

Published Jun 20, 2022
MAL-2023-8444

Malicious code in xterm-addon-clipboard (npm)

Published Nov 4, 2023
CVE-2017-16125HIGH

Directory Traversal in rtcmulticonnection-client

Published Jul 23, 2018
MAL-2025-2300

Malicious code in client-analytisc-sdk (npm)

Published Mar 12, 2025
MAL-2022-300

Malicious code in @grubhubprod/order-taking-client-sdk (npm)

Published Jun 20, 2022
CVE-2025-5897

@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability

Published Jun 9, 2025
MAL-2022-3081

Malicious code in flox-web-client (npm)

Published Jun 20, 2022
MAL-2022-7230

Malicious code in wormhole-client (npm)

Published Jun 2, 2022
MAL-2022-7272

Malicious code in xfi-client-core (npm)

Published Jun 20, 2022
MAL-2025-2628

Malicious code in @mint-lib/query-client (npm)

Published Mar 25, 2025
MAL-2025-2705

Malicious code in sensort-cli (npm)

Published Mar 25, 2025
MAL-2023-533

Malicious code in jannah-client (npm)

Published May 9, 2023
MAL-2026-2973

Malicious code in claudcode-cli (npm)

Published Apr 22, 2026
MAL-2026-1373

Malicious code in @sky-it-livedata-libraries/livedata-commons-client (npm)

Published Mar 12, 2026
MAL-2023-8013

Malicious code in binarium-client (npm)

Published Aug 1, 2023
MAL-2024-11851

Malicious code in 000webhost-api-client (npm)

Published Dec 14, 2024
MAL-2026-305

Malicious code in sd-ccp-module-client (npm)

Published Jan 16, 2026
MAL-2026-306

Malicious code in sd-cip-module-client (npm)

Published Jan 16, 2026
MAL-2026-1641

Malicious code in @uc-platform/user-service-client-ts (npm)

Published Mar 18, 2026
MAL-2024-1061

Malicious code in unity-httpclient (npm)

Published Mar 8, 2024
MAL-2026-744

Malicious code in mdp-client-web (npm)

Published Feb 4, 2026
MAL-2026-1710

Malicious code in dotenv-cli-node (npm)

Published Mar 18, 2026
MAL-2024-11184

Malicious code in dcapps-cli (npm)

Published Dec 3, 2024
MAL-2026-1942

Malicious code in clob-client-sdks (npm)

Published Mar 20, 2026
MAL-2024-11951

Malicious code in client-analysis (npm)

Published Dec 19, 2024
MAL-2022-2301

Malicious code in cyclic-dep-2 (npm)

Published Jun 20, 2022
CVE-2023-41049HIGH

Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client

Published Sep 4, 2023
MAL-2025-4659

Malicious code in ua-aio-h5-client (npm)

Published Jun 3, 2025
MAL-2026-429

Malicious code in sign-client (npm)

Published Jan 21, 2026
MAL-2022-5358

Malicious code in platform-client (npm)

Published Jun 20, 2022
MAL-2022-5409

Malicious code in polymesh-cli (npm)

Published Jun 20, 2022
MAL-2025-190867

Malicious code in @mcp-use/cli (npm)

Published Nov 24, 2025
MAL-2022-6445

Malicious code in techdocs-cli-embedded-app (npm)

Published Jun 20, 2022
MAL-2023-311

Malicious code in errorboosterclient (npm)

Published Jan 30, 2023
MAL-2025-2717

Malicious code in vistar-ad-clienttestadv4 (npm)

Published Mar 25, 2025
MAL-2025-165

Malicious code in bbc-http-client (npm)

Published Jan 20, 2025
MAL-2025-47932

Malicious code in swagger-cli-express (npm)

Published Oct 7, 2025
MAL-2022-1874

Malicious code in chainlink-api-client (npm)

Published Jun 20, 2022
MAL-2022-1925

Malicious code in client-recommendation (npm)

Published Jun 20, 2022
MAL-2025-191028

Malicious code in @lessondesk/electron-group-api-client (npm)

Published Nov 24, 2025
MAL-2022-7406

Malicious code in zmp-cli-dev (npm)

Published Jun 20, 2022
MAL-2025-191076

Malicious code in blinqio-executions-cli (npm)

Published Nov 24, 2025
MAL-2026-3068

Malicious code in @sbt_gitverse/analytics-client (npm)

Published Apr 25, 2026
MAL-2025-1074

Malicious code in climate-tokenization-engine-ui (npm)

Published Feb 3, 2025
MAL-2023-1017

Malicious code in ory-hydra-mock-oauth2-client (npm)

Published Jul 31, 2023
MAL-2025-824

Malicious code in dvpawebwidgetsdetailspageclient (npm)

Published Feb 3, 2025
MAL-2025-7128

Malicious code in @clickhouse-team/backup-components (npm)

Published Aug 14, 2025
MAL-2025-7129

Malicious code in @clickhouse-team/clickhouse-backups-plugin (npm)

Published Aug 14, 2025
MAL-2025-190742

Malicious code in @kvytech/cli (npm)

Published Nov 24, 2025
MAL-2022-1560

Malicious code in bi-client-sdk (npm)

Published Aug 17, 2022
MAL-2023-554

Malicious code in kikimrclient (npm)

Published Jan 30, 2023
MAL-2025-7979

Malicious code in @funnel-analysis/isengard-client (npm)

Published Aug 14, 2025
MAL-2026-1961

Malicious code in novi-cli (npm)

Published Mar 20, 2026
MAL-2023-614

Malicious code in n-messaging-client (npm)

Published Jul 16, 2023
MAL-2022-1815

Malicious code in calling-stateful-client (npm)

Published Jun 20, 2022
MAL-2025-2560

Malicious code in n11-web-client (npm)

Published Mar 20, 2025
MAL-2023-1456

Malicious code in 1ds-cli (npm)

Published Aug 14, 2023
MAL-2026-617

Malicious code in roots-cms-client (npm)

Published Jan 31, 2026
MAL-2024-1292

Malicious code in sid-client-manager (npm)

Published Apr 22, 2024
MAL-2022-5377

Malicious code in plywood-clickhouse-requester (npm)

Published Jun 20, 2022
MAL-2023-1477

Malicious code in miro-api-clients (npm)

Published Aug 15, 2023
MAL-2026-307

Malicious code in sd-conversation-history-module-client (npm)

Published Jan 16, 2026
MAL-2026-308

Malicious code in sd-navbar-module-client (npm)

Published Jan 16, 2026
MAL-2026-3147

Malicious code in coinmate-typescript-client (npm)

Published Apr 29, 2026
MAL-2022-4854

Malicious code in nim-status-client (npm)

Published Jun 20, 2022
MAL-2023-1482

Malicious code in skills-strategy-client (npm)

Published Aug 15, 2023
MAL-2026-978

Malicious code in microsoft-cms-client (npm)

Published Feb 21, 2026
MAL-2023-1544

Malicious code in @rsi-core-services/rsi-authorization-client (npm)

Published Aug 22, 2023
MAL-2022-7037

Malicious code in wallet-cli-tools (npm)

Published Jun 20, 2022
MAL-2023-181

Malicious code in clientcore-models-catalyst (npm)

Published Mar 15, 2023
MAL-2023-182

Malicious code in clientcore-onesrv-businesslogic (npm)

Published Mar 15, 2023
MAL-2023-183

Malicious code in clientcore-onesrv-serviceclients (npm)

Published Mar 15, 2023
MAL-2022-4021

Malicious code in jet-client (npm)

Published Jun 20, 2022
MAL-2025-192581

Malicious code in sds-oauth-client (npm)

Published Dec 16, 2025
MAL-2022-7181

Malicious code in wixstore-client-worker (npm)

Published Jun 20, 2022
MAL-2025-47580

Malicious code in area_cliente_front (npm)

Published Sep 23, 2025
MAL-2022-6179

Malicious code in smithy-client (npm)

Published Jun 20, 2022
MAL-2025-192695

Malicious code in ivx-cloud-client-v1 (npm)

Published Dec 22, 2025
MAL-2025-48448

Malicious code in isg-iwp-web-client (npm)

Published Oct 17, 2025
MAL-2024-11111

Malicious code in transify-helper-cli (npm)

Published Nov 27, 2024
MAL-2023-989

Malicious code in yandex-passport-vault-client (npm)

Published Jan 30, 2023
MAL-2022-6336

Malicious code in studiolabs-cli (npm)

Published Jun 20, 2022
MAL-2022-4617

Malicious code in mitui-base-client (npm)

Published Jun 20, 2022
MAL-2026-1194

Malicious code in cmc-client (npm)

Published Mar 3, 2026
MAL-2023-628

Malicious code in node-click (npm)

Published Apr 18, 2023
MAL-2025-1379

Malicious code in telegramclient-sdk (npm)

Published Feb 13, 2025
MAL-2024-47

Malicious code in ember-cli-progress-ci (npm)

Published Jan 7, 2024
MAL-2025-2157

Malicious code in @adminproxy/module-utils-client (npm)

Published Mar 5, 2025
MAL-2022-3831

Malicious code in ing-open-banking-cli (npm)

Published Jun 20, 2022
MAL-2022-391

Malicious code in @logistics-frontend/client-core (npm)

Published May 31, 2022
MAL-2022-3457

Malicious code in grenache-nodejs-example-fib-client (npm)

Published Jun 20, 2022
MAL-2022-3978

Malicious code in it-advisor-webclient (npm)

Published Jun 20, 2022
MAL-2026-1677

Malicious code in chai-cli-async (npm)

Published Mar 18, 2026
MAL-2026-1712

Malicious code in dotenv-mono-cli (npm)

Published Mar 18, 2026
MAL-2025-2390

Malicious code in needlecast_prodeng_bfg_ui_consumerclient (npm)

Published Mar 14, 2025
MAL-2023-7931

Malicious code in career-service-client (npm)

Published Aug 16, 2023
MAL-2023-7941

Malicious code in your-dpd-rest-api-client (npm)

Published Aug 28, 2023
MAL-2025-4050

Malicious code in discord-clients (npm)

Published May 20, 2025
MAL-2026-2575

Malicious code in @ascend-ops/web-client (npm)

Published Apr 13, 2026
MAL-2022-908

Malicious code in aio-cli-config (npm)

Published Jun 20, 2022
MAL-2025-3226

Malicious code in @mlbtv-clients/isu (npm)

Published Apr 17, 2025
MAL-2023-1305

Malicious code in stateful-fastclick (npm)

Published May 1, 2023
MAL-2022-3572

Malicious code in hb-websocket-client (npm)

Published Jun 20, 2022
MAL-2025-3593

Malicious code in client-utility-module (npm)

Published May 3, 2025
MAL-2022-2970

Malicious code in faust-nx-cli (npm)

Published Sep 12, 2022
MAL-2023-18

Malicious code in 3commas-api-client (npm)

Published Apr 11, 2023
MAL-2023-180

Malicious code in clientcore-catalyst-businesslogic (npm)

Published Mar 15, 2023
MAL-2023-184

Malicious code in climate-warehouse (npm)

Published Feb 2, 2023
MAL-2026-1545

Malicious code in dazaar-cli (npm)

Published Mar 16, 2026
MAL-2025-3717

Malicious code in gql-test-client (npm)

Published May 5, 2025
MAL-2022-5101

Malicious code in openstack-api-client (npm)

Published Jun 20, 2022
MAL-2022-3584

Malicious code in health-bot-onboarding-client (npm)

Published Jun 20, 2022
MAL-2026-629

Malicious code in client-desktop-web-installer (npm)

Published Feb 2, 2026
MAL-2022-5174

Malicious code in p4clients (npm)

Published Jun 20, 2022
MAL-2024-11218

Malicious code in openpass-sample-sites-client-js-sdk (npm)

Published Dec 6, 2024
MAL-2022-2987

Malicious code in fe-avaya-chat-client (npm)

Published Jun 20, 2022
MAL-2023-8446

Malicious code in airslate-api-client (npm)

Published Nov 6, 2023
MAL-2022-2300

Malicious code in cyclic-dep-1 (npm)

Published Jun 20, 2022
MAL-2025-1206

Malicious code in appqos-client (npm)

Published Feb 3, 2025
MAL-2025-48605

Malicious code in near-abi-client-js (npm)

Published Oct 26, 2025
MAL-2022-793

Malicious code in @zeos-libs/auth-client (npm)

Published Jun 20, 2022
MAL-2022-794

Malicious code in @zipmex/events-stream-client (npm)

Published Jun 20, 2022
MAL-2025-1552

Malicious code in flow-inflation-client (npm)

Published Feb 23, 2025
MAL-2022-755

Malicious code in @xvideos/client (npm)

Published Jun 20, 2022
MAL-2023-8599

Malicious code in nextcapital-client-demo (npm)

Published Nov 23, 2023
MAL-2022-756

Malicious code in @xvideos/client-api (npm)

Published Jun 20, 2022
MAL-2025-5060

Malicious code in sitewidesearch-client (npm)

Published Jun 13, 2025
MAL-2025-1604

Malicious code in keymakerclientapi (npm)

Published Feb 28, 2025
MAL-2025-5677

Malicious code in cli-wasm (npm)

Published Jul 9, 2025
MAL-2023-916

Malicious code in typeahead-client-logger (npm)

Published Jul 6, 2023
MAL-2023-1513

Malicious code in business_api_client (npm)

Published Aug 21, 2023
MAL-2024-7942

Malicious code in click-action-framework (npm)

Published Aug 7, 2024
MAL-2023-955

Malicious code in wagyu-cli (npm)

Published May 11, 2023
MAL-2023-178

Malicious code in clientcore-base-businesslogic (npm)

Published Mar 15, 2023
MAL-2024-8014

Malicious code in @live-backstage/client (npm)

Published Aug 11, 2024
MAL-2023-23

Malicious code in @ans-exam/client (npm)

Published Jun 20, 2023
MAL-2025-190802

Malicious code in @caretive/caret-cli (npm)

Published Nov 24, 2025
MAL-2023-994

Malicious code in yandex-yt-transfer-manager-client (npm)

Published Jan 30, 2023
MAL-2026-1687

Malicious code in chain-cli-promised (npm)

Published Mar 18, 2026
MAL-2022-3763

Malicious code in icv2-plugin-client (npm)

Published Jun 20, 2022
MAL-2022-5390

Malicious code in pod-api-client (npm)

Published Jun 20, 2022
MAL-2024-10433

Malicious code in gnache-cli (npm)

Published Nov 6, 2024
MAL-2022-3812

Malicious code in influxdb-client-examples (npm)

Published May 31, 2022
MAL-2025-191084

Malicious code in csv-tool-cli (npm)

Published Nov 24, 2025
MAL-2022-3209

Malicious code in freekws-devportal-api-client-angular (npm)

Published Aug 22, 2022
MAL-2022-3210

Malicious code in freekws-devportal-api-client-nestjs (npm)

Published Aug 22, 2022
MAL-2022-3213

Malicious code in frn-api-client (npm)

Published Jun 20, 2022
MAL-2025-191118

Malicious code in kinvey-cli-wrapper (npm)

Published Nov 24, 2025
MAL-2024-10771

Malicious code in pvct-cli (npm)

Published Nov 15, 2024
MAL-2026-2364

Malicious code in env-node-cli (npm)

Published Mar 24, 2026
MAL-2024-10772

Malicious code in quality-cli (npm)

Published Nov 15, 2024
MAL-2023-792

Malicious code in speedtestcliz (npm)

Published Jan 18, 2023
MAL-2022-5647

Malicious code in react-full-stack-starter-client (npm)

Published Jun 20, 2022
MAL-2024-10903

Malicious code in clarity-vs-code-web-client (npm)

Published Nov 24, 2024
MAL-2024-9219

Malicious code in cli-command-with-alias (npm)

Published Oct 10, 2024
MAL-2023-8464

Malicious code in share-client (npm)

Published Nov 6, 2023
MAL-2024-10987

Malicious code in monorepo-release-cli (npm)

Published Nov 27, 2024
MAL-2022-5720

Malicious code in reddit-client-lib (npm)

Published Jun 20, 2022
MAL-2023-8488

Malicious code in resume-sourcing-nodejs-client-credentials (npm)

Published Nov 9, 2023
MAL-2024-11046

Malicious code in journey-client-reactor (npm)

Published Nov 27, 2024
MAL-2022-5729

Malicious code in ref-client-ui (npm)

Published Jun 20, 2022
MAL-2025-1186

Malicious code in twenty7tec_client (npm)

Published Feb 3, 2025
MAL-2024-10306

Malicious code in creative_design_client (npm)

Published Nov 1, 2024
MAL-2024-10758

Malicious code in mdap-cli (npm)

Published Nov 14, 2024
MAL-2022-4111

Malicious code in karma-puppeteer-client (npm)

Published Jun 20, 2022
MAL-2025-190945

Malicious code in @posthog/clickhouse (npm)

Published Nov 24, 2025
MAL-2024-11862

Malicious code in 32red-api-client (npm)

Published Dec 15, 2024
MAL-2025-191140

Malicious code in piclite (npm)

Published Nov 24, 2025
MAL-2025-191211

Malicious code in @dev-blinq/blinqioclient (npm)

Published Nov 25, 2025
MAL-2024-11950

Malicious code in client-admin (npm)

Published Dec 19, 2024
MAL-2024-11952

Malicious code in client-cloud-phone (npm)

Published Dec 19, 2024
MAL-2024-11953

Malicious code in client-consent (npm)

Published Dec 19, 2024
MAL-2024-11954

Malicious code in client-data (npm)

Published Dec 19, 2024
MAL-2024-11955

Malicious code in client-mpa (npm)

Published Dec 19, 2024
MAL-2024-11988

Malicious code in gps-gateway-client (npm)

Published Dec 19, 2024
MAL-2025-191450

Malicious code in @axinom/mosaic-cli (npm)

Published Nov 25, 2025
MAL-2025-191568

Malicious code in client-6wr4qk (npm)

Published Dec 1, 2025
MAL-2024-12095

Malicious code in id-assert-authz-grant-client (npm)

Published Dec 22, 2024
MAL-2022-5976

Malicious code in sdk-client (npm)

Published Jun 20, 2022
MAL-2024-12178

Malicious code in @dz-lib/dz-cli (npm)

Published Dec 18, 2024
MAL-2022-6030

Malicious code in service-client-ebay (npm)

Published Sep 14, 2022
MAL-2022-3379

Malicious code in gitlab-linter-cli (npm)

Published Jun 20, 2022
MAL-2024-8089

Malicious code in subspace-chatbot-cli (npm)

Published Aug 29, 2024
MAL-2022-3391

Malicious code in globo-ab-client (npm)

Published Jun 20, 2022
MAL-2022-4242

Malicious code in kvsclient (npm)

Published Jun 20, 2022
MAL-2022-6076

Malicious code in sharded-redis-client (npm)

Published Jun 20, 2022
MAL-2025-3784

Malicious code in webpack-cli-v4 (npm)

Published May 14, 2025
MAL-2022-6096

Malicious code in shopify-cli-action (npm)

Published Jun 20, 2022
MAL-2022-6097

Malicious code in shopify-cli-extensions-test-utils (npm)

Published Jun 20, 2022
MAL-2022-3400

Malicious code in gnarclientweb (npm)

Published Jun 20, 2022
MAL-2025-4074

Malicious code in csat-client (npm)

Published May 21, 2025
MAL-2022-4437

Malicious code in lyft-service-plugin-service-client (npm)

Published Jun 20, 2022
MAL-2025-2740

Malicious code in @takamol/qiwa-api-client (npm)

Published Mar 28, 2025
MAL-2025-1465

Malicious code in ing-open-banking-cli-js (npm)

Published Feb 18, 2025
MAL-2025-190703

Malicious code in zapier-platform-cli (npm)

Published Nov 24, 2025
MAL-2022-5924

Malicious code in samples-cors-typescript-client (npm)

Published Jun 20, 2022
MAL-2025-3196

Malicious code in phpseclib (npm)

Published Apr 9, 2025
CVE-2026-25918

unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)

Published Feb 10, 2026
MAL-2025-47974

Malicious code in cli-color-ext (npm)

Published Oct 7, 2025
CVE-2024-45277MEDIUM

SAP HANA Node.js client package vulnerable to Prototype Pollution

Published Oct 8, 2024
CVE-2026-34841CRITICAL
Risk: 67.64/100

Axios npm Supply Chain Incident Impacting @usebruno/cli

Published Apr 2, 2026
CVE-2026-25535

jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions

Published Feb 19, 2026
MAL-2025-3500

Malicious code in needlecast_b9s_jewel_fyc_fe_client (npm)

Published Apr 28, 2025
MAL-2026-1584

Malicious code in wn-idv-persona-client (npm)

Published Mar 19, 2026
MAL-2025-3690

Malicious code in krnl-cli (npm)

Published May 7, 2025
MAL-2026-1878

Malicious code in wpt-client (npm)

Published Mar 18, 2026
MAL-2025-3724

Malicious code in client-aem-content-engine (npm)

Published May 11, 2025
MAL-2024-10518

Malicious code in pupeteer-cli (npm)

Published Nov 7, 2024
MAL-2025-190653

Malicious code in @asyncapi/cli (npm)

Published Nov 24, 2025
MAL-2022-914

Malicious code in airtable-client (npm)

Published Jun 20, 2022
MAL-2024-10668

Malicious code in http-long-poll-client (npm)

Published Nov 13, 2024
MAL-2025-3775

Malicious code in voting-client-js (npm)

Published May 12, 2025
MAL-2026-2416

Malicious code in oc-ccp-module-client (npm)

Published Mar 24, 2026
MAL-2026-2417

Malicious code in oc-navbar-module-client (npm)

Published Mar 24, 2026
MAL-2025-190768

Malicious code in devstart-cli (npm)

Published Nov 24, 2025
MAL-2025-3783

Malicious code in webpack-cli-4 (npm)

Published May 14, 2025
MAL-2025-3819

Malicious code in auth0-guardian-management-client (npm)

Published May 15, 2025
MAL-2026-2600

Malicious code in cms-site-api-js-client (npm)

Published Apr 13, 2026
MAL-2025-191458

Malicious code in @medusajs/medusa-oas-cli (npm)

Published Nov 24, 2025
MAL-2025-3880

Malicious code in cube-sign-cli (npm)

Published May 16, 2025
MAL-2024-1319

Malicious code in clistsy-node (npm)

Published May 2, 2024
CVE-2026-30956

OneUptime has authorization bypass via client‑controlled is-multi-tenant-query header that leads to cross‑tenant data exposure and account takeover

Published Mar 10, 2026
MAL-2025-4027

Malicious code in stencil-cli (npm)

Published May 19, 2025
MAL-2025-2063

Malicious code in safe-client-gateway (npm)

Published Mar 4, 2025
GHSA-w937-fg2h-xhq2

locize Client SDK: Cross-origin DOM XSS & Handler Hijack Through Missing e.origin Validation in InContext Editor

Published Apr 22, 2026
CVE-2016-10560HIGH

Downloads Resources over HTTP in galenframework-cli

Published Feb 18, 2019
MAL-2025-4305

Malicious code in blog-client (npm)

Published May 23, 2025
CVE-2017-16217HIGH

Directory Traversal in fbr-client

Published Jul 23, 2018
MAL-2025-4311

Malicious code in client-authentication-module (npm)

Published May 23, 2025
MAL-2025-4312

Malicious code in client-controls-module (npm)

Published May 23, 2025
GHSA-r2c6-8jc8-g32w

Duplicate Advisory: 1-Click RCE via Authentication Token Exfiltration From gatewayUrl

Published Feb 2, 2026
MAL-2022-1922

Malicious code in cli-tabkle2 (npm)

Published Aug 19, 2022
MAL-2022-2207

Malicious code in cors-typescript-client (npm)

Published Jun 20, 2022
MAL-2022-4515

Malicious code in mbed-js-simple-client (npm)

Published Jun 20, 2022
MAL-2022-6002

Malicious code in selfservicedesk-client (npm)

Published Jun 20, 2022
MAL-2023-805

Malicious code in sssssssignalr-temp-client (npm)

Published Jul 17, 2023
MAL-2025-41556

Malicious code in eslint-validation-cli (npm)

Published Aug 28, 2025
MAL-2025-42049

Malicious code in oclif-dev (npm)

Published Aug 29, 2025
MAL-2025-4726

Malicious code in connectnodewebclient (npm)

Published Jun 9, 2025
MAL-2025-7948

Malicious code in @frozen-team-qa/axios-client (npm)

Published Aug 14, 2025
MAL-2026-2415

Malicious code in oc-aa-module-client (npm)

Published Mar 24, 2026
MAL-2024-9170

Malicious code in new-script-clipox-gt-a-v-h-a-c-k-mon-ey-tp-guns-esp-vehicles-more-1-52-undetected-2023-6yc1p7 (npm)

Published Oct 9, 2024
MAL-2026-3204

Malicious code in intercom-client (npm)

Published Apr 30, 2026
MAL-2024-1622

Malicious code in @corraldev/cli (npm)

Published Jun 17, 2024
MAL-2024-2834

Malicious code in pap-client (npm)

Published Jun 25, 2024
MAL-2026-1823

Malicious code in proleis-rest-client (npm)

Published Mar 18, 2026
MAL-2025-630

Malicious code in telegramclient-utils (npm)

Published Jan 30, 2025
MAL-2025-191449

Malicious code in @accordproject/markdown-cli (npm)

Published Nov 25, 2025
MAL-2025-47529

Malicious code in @sev-ui-verse/axios-client (npm)

Published Sep 25, 2025
MAL-2026-543

Malicious code in tailwind-components-cli (npm)

Published Jan 27, 2026
MAL-2025-1476

Malicious code in @idps/contrib-client (npm)

Published Feb 19, 2025
MAL-2025-4865

Malicious code in processwithcloudevents-client (npm)

Published Jun 10, 2025
MAL-2026-76

Malicious code in open-telemetry-mini-client (npm)

Published Jan 6, 2026
MAL-2025-48762

Malicious code in shutterstock-cli (npm)

Published Oct 22, 2025
MAL-2025-1606

Malicious code in lsp-sample-client (npm)

Published Feb 28, 2025
MAL-2026-1187

Malicious code in @twilio-client/twilio-client (npm)

Published Mar 3, 2026
MAL-2026-1941

Malicious code in client-hash-sdk (npm)

Published Mar 20, 2026
MAL-2026-1944

Malicious code in couplus-cli (npm)

Published Mar 20, 2026
MAL-2025-702

Malicious code in checkmkwebapiclient (npm)

Published Jan 31, 2025
MAL-2025-190789

Malicious code in zuper-cli (npm)

Published Nov 24, 2025
MAL-2025-191064

Malicious code in arc-cli-fc (npm)

Published Nov 24, 2025
MAL-2025-192926

Malicious code in @airtel-web/clickstream (npm)

Published Dec 24, 2025
MAL-2025-47544

Malicious code in @sev-ui-verse/react-query-client (npm)

Published Sep 25, 2025
MAL-2025-2644

Malicious code in asset_cli_tool (npm)

Published Mar 25, 2025
MAL-2025-4368

Malicious code in kyutai-client (npm)

Published May 23, 2025
MAL-2026-1929

Malicious code in @aifabrix/miso-client (npm)

Published Mar 19, 2026
MAL-2026-2362

Malicious code in env-express-cli (npm)

Published Mar 24, 2026
MAL-2026-437

Malicious code in lumo-api-client (npm)

Published Jan 21, 2026
MAL-2026-303

Malicious code in sd-active-conversation-module-client (npm)

Published Jan 16, 2026
MAL-2026-304

Malicious code in sd-agent-toolbar-module-client (npm)

Published Jan 16, 2026
MAL-2025-4976

Malicious code in client-vue3-dev (npm)

Published Jun 15, 2025
MAL-2026-290

Malicious code in kc-fe-cli (npm)

Published Jan 16, 2026
MAL-2026-853

Malicious code in node-dotenv-cli (npm)

Published Feb 11, 2026
Check your entire dependency tree at onceRun dependency scan →