OsVault/npm/gm
npm

gm

90 known vulnerabilities · 0 critical · 1 high

CVE-2015-7982

Command Injection in gm

Published Sep 1, 2020
MAL-2025-3926

Malicious code in wagmi-ethers-connectors (npm)

Published May 16, 2025
CVE-2025-27109

Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)

Published Feb 25, 2025
MAL-2024-9358

Malicious code in down-lo-ad-now-zip-mp3-sonic-nurse-a1wgm-jqylaq (npm)

Published Oct 16, 2024
GHSA-wr4h-v87w-p3r7

h3 has a Path Traversal via Percent-Encoded Dot Segments in serveStatic Allows Arbitrary File Read

Published Mar 18, 2026
CVE-2026-30854

Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled

Published Mar 9, 2026
MAL-2022-1466

Malicious code in base-figma-docs (npm)

Published Jun 20, 2022
MAL-2022-266

Malicious code in @fbsystem/figma-graphql (npm)

Published Jun 20, 2022
CVE-2016-1000228

DOM-based XSS in gmail-js

Published Sep 1, 2020
MAL-2025-1647

Malicious code in figma-plugins-and-widgets (npm)

Published Mar 1, 2025
GHSA-72gr-qfp7-vwhw

h3: Double Decoding in `serveStatic` Bypasses `resolveDotSegments` Path Traversal Protection via `%252e%252e`

Published Mar 20, 2026
MAL-2022-3650

Malicious code in hnyzaklqkgmobdcv (npm)

Published Jul 12, 2022
MAL-2022-268

Malicious code in @fbsystem/figma-messenger (npm)

Published Jun 20, 2022
MAL-2022-2950

Malicious code in ezdklvixgmnfjphu (npm)

Published Jul 11, 2022
CVE-2026-27903

minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

Published Feb 26, 2026
MAL-2022-1736

Malicious code in bvnqfwugmzyrkhol (npm)

Published Jul 11, 2022
MAL-2022-2464

Malicious code in dgse-tools-mgm-elf-helper (npm)

Published May 19, 2022
MAL-2023-8348

Malicious code in situs-slot-kakek-petir-slot-zeus-pragmaticplay-gampang-menang (npm)

Published Oct 12, 2023
MAL-2022-4489

Malicious code in matchmaking-mgmt (npm)

Published Jul 29, 2022
MAL-2023-8343

Malicious code in pragmaticplay-situs-slot-online-banyak-hoki-paling-terpercaya (npm)

Published Oct 12, 2023
MAL-2023-8346

Malicious code in situs-slot-gacor-pragmatic-play-dijamin-menang-tahun-2023 (npm)

Published Oct 12, 2023
GHSA-gqqj-85qm-8qhf

Paperclip: codex_local inherited ChatGPT/OpenAI-connected Gmail and was able to send real email

Published Apr 16, 2026
MAL-2024-9435

Malicious code in wagmi-toolkits (npm)

Published Oct 18, 2024
CVE-2026-32036

OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths

Published Mar 3, 2026
CVE-2025-15061

figma-developer-mcp vulnerable to command injection in get_figma_data tool

Published Sep 30, 2025
MAL-2026-1182

Malicious code in bigmathutils-v2 (npm)

Published Mar 3, 2026
MAL-2022-3642

Malicious code in hksnzojebplygmqi (npm)

Published Jul 11, 2022
MAL-2026-2738

Malicious code in cardreadermgmtserv (npm)

Published Apr 16, 2026
MAL-2022-5440

Malicious code in pqnlgmtdifawekzu (npm)

Published Jul 11, 2022
MAL-2023-8719

Malicious code in figma-include-accessibility-annotations (npm)

Published Dec 19, 2023
MAL-2024-9434

Malicious code in wagmi-connectors (npm)

Published Oct 18, 2024
MAL-2026-831

Malicious code in bigmathix (npm)

Published Feb 10, 2026
CVE-2026-27837

dottie is vulnerable to Prototype Pollution bypass via non-first path segments in set() and transform()

Published Feb 26, 2026
MAL-2022-1032

Malicious code in aoxqgmortgkgldq (npm)

Published Jun 20, 2022
MAL-2023-395

Malicious code in fca-gminh-kizz (npm)

Published Jul 12, 2023
MAL-2022-722

Malicious code in @wegmans/fetlife-assets (npm)

Published Jun 20, 2022
MAL-2022-6925

Malicious code in videostreamingmanager (npm)

Published Jun 20, 2022
MAL-2025-192744

Malicious code in huangmingming-demo (npm)

Published Dec 23, 2025
MAL-2023-954

Malicious code in wagmi-demo (npm)

Published Jun 13, 2023
MAL-2025-2060

Malicious code in subscriptionmgmtserv (npm)

Published Mar 4, 2025
MAL-2025-5853

Malicious code in @gmgn/app-icons (npm)

Published Jul 14, 2025
MAL-2026-2794

Malicious code in puzzle-fragment (npm)

Published Apr 16, 2026
MAL-2022-4426

Malicious code in lvcahgmwzkduejrt (npm)

Published Jul 11, 2022
CVE-2025-25341

libxmljs has segmentation fault, potentially leading to a denial-of-service (DoS)

Published Dec 26, 2025
MAL-2024-7466

Malicious code in rgmedia (npm)

Published Jul 11, 2024
MAL-2024-7467

Malicious code in rgmedia21 (npm)

Published Jul 11, 2024
MAL-2022-7263

Malicious code in xbsrnfhgmvzuowpa (npm)

Published Jul 11, 2022
MAL-2025-48541

Malicious code in @jdei/codmi-figma-test (npm)

Published Oct 21, 2025
MAL-2026-2104

Malicious code in ty-fragment-core (npm)

Published Mar 23, 2026
MAL-2022-5547

Malicious code in qjgmalnsxuprwktd (npm)

Published Jul 11, 2022
MAL-2022-267

Malicious code in @fbsystem/figma-intern-shell (npm)

Published Jun 20, 2022
MAL-2025-192598

Malicious code in bigmathlib (npm)

Published Dec 16, 2025
MAL-2022-2880

Malicious code in etnhjzgmfwbocvqp (npm)

Published Jul 11, 2022
MAL-2022-291

Malicious code in @gmelius/fetlife-assets (npm)

Published Jun 20, 2022
MAL-2025-192983

Malicious code in bigmathex (npm)

Published Dec 30, 2025
MAL-2025-2050

Malicious code in segment-anything-mini-demo (npm)

Published Mar 3, 2025
MAL-2026-1317

Malicious code in @augmentor/experiences (npm)

Published Mar 10, 2026
MAL-2025-2364

Malicious code in bigmoneymaker (npm)

Published Mar 14, 2025
MAL-2022-7116

Malicious code in wegmae_act (npm)

Published Jun 20, 2022
MAL-2025-2749

Malicious code in contactbookmgmtserv (npm)

Published Mar 28, 2025
MAL-2024-9231

Malicious code in dynsegmentationserv (npm)

Published Oct 10, 2024
MAL-2022-122

Malicious code in @bitmex-frontend-team/segment-analytics (npm)

Published Jun 20, 2022
MAL-2022-868

Malicious code in adobetagmanager (npm)

Published Jun 20, 2022
MAL-2022-3722

Malicious code in huobi-bigmac-component (npm)

Published Jun 20, 2022
MAL-2023-22

Malicious code in @12build/segment-js-sdk (npm)

Published Apr 3, 2023
MAL-2022-3023

Malicious code in fgmkvwqxdyhbekor (npm)

Published Jul 11, 2022
MAL-2023-440

Malicious code in figma-ping (npm)

Published Jun 29, 2023
MAL-2022-3029

Malicious code in figma-intern-shell (npm)

Published Jun 20, 2022
MAL-2022-3030

Malicious code in figma-scripts (npm)

Published Jun 20, 2022
MAL-2022-5399

Malicious code in polaris-for-figma (npm)

Published Jun 20, 2022
MAL-2022-3953

Malicious code in ipxksnruvewdzbgm (npm)

Published Jul 11, 2022
MAL-2022-3260

Malicious code in fzsknvyeqakgmuip (npm)

Published Jul 11, 2022
MAL-2022-4082

Malicious code in jtuiwqgmxkhyvecp (npm)

Published Jul 11, 2022
MAL-2022-4087

Malicious code in jvgmepykdwfrqali (npm)

Published Jul 11, 2022
MAL-2022-4135

Malicious code in kdcigmofhvsurayj (npm)

Published Jul 11, 2022
MAL-2024-12001

Malicious code in mediafragment (npm)

Published Dec 19, 2024
MAL-2022-5997

Malicious code in segmentrequestmanager (npm)

Published Jun 20, 2022
MAL-2024-147

Malicious code in sample-schema-mgmt (npm)

Published Jan 22, 2024
MAL-2022-3399

Malicious code in gme-loblawsinc (npm)

Published Jun 20, 2022
MAL-2024-9063

Malicious code in wagmi-toolkit (npm)

Published Oct 1, 2024
MAL-2022-4734

Malicious code in multiplesegmentsprovider (npm)

Published Jun 20, 2022
MAL-2025-4719

Malicious code in sess-mgmt (npm)

Published Jun 7, 2025
CVE-2026-33490

h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes

Published Mar 20, 2026
MAL-2024-11845

Malicious code in ml-interactive-data-augmentation (npm)

Published Dec 14, 2024
MAL-2024-1225

Malicious code in @lbnqduy11805/potential-octo-enigma (npm)

Published Apr 10, 2024
CVE-2026-34573HIGH
Risk: 37.52/100

parse-server has GraphQL complexity validator exponential fragment traversal DoS

Published Mar 31, 2026
MAL-2025-2059

Malicious code in subnplanmgmtserv (npm)

Published Mar 4, 2025
MAL-2024-8826

Malicious code in sigma-errors (npm)

Published Sep 5, 2024
MAL-2026-1969

Malicious code in spstargm (npm)

Published Mar 20, 2026
MAL-2025-723

Malicious code in sigma-payment (npm)

Published Feb 1, 2025
Check your entire dependency tree at onceRun dependency scan →