gm
105 known vulnerabilities · 0 critical · 1 high
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)
Malicious code in down-lo-ad-now-zip-mp3-sonic-nurse-a1wgm-jqylaq (npm)
h3 has a Path Traversal via Percent-Encoded Dot Segments in serveStatic Allows Arbitrary File Read
Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled
Malicious code in base-figma-docs (npm)
Malicious code in @fbsystem/figma-graphql (npm)
Malicious code in figma-plugins-and-widgets (npm)
h3: Double Decoding in `serveStatic` Bypasses `resolveDotSegments` Path Traversal Protection via `%252e%252e`
Malicious code in wagmi-ethers-connectors (npm)
Malicious code in qjgmalnsxuprwktd (npm)
Malicious code in ezdklvixgmnfjphu (npm)
Malicious code in bvnqfwugmzyrkhol (npm)
Malicious code in dgse-tools-mgm-elf-helper (npm)
Malicious code in @fbsystem/figma-messenger (npm)
Malicious code in situs-slot-kakek-petir-slot-zeus-pragmaticplay-gampang-menang (npm)
Malicious code in matchmaking-mgmt (npm)
Malicious code in pragmaticplay-situs-slot-online-banyak-hoki-paling-terpercaya (npm)
Malicious code in situs-slot-gacor-pragmatic-play-dijamin-menang-tahun-2023 (npm)
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments
OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths
Malicious code in bigmathutils-v2 (npm)
parse-server has GraphQL complexity validator exponential fragment traversal DoS
Malicious code in cardreadermgmtserv (npm)
Malicious code in pqnlgmtdifawekzu (npm)
Malicious code in hksnzojebplygmqi (npm)
Malicious code in figma-include-accessibility-annotations (npm)
Malicious code in wagmi-connectors (npm)
Malicious code in bigmathix (npm)
Malicious code in aoxqgmortgkgldq (npm)
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes
Malicious code in fca-gminh-kizz (npm)
Malicious code in @wegmans/fetlife-assets (npm)
Malicious code in videostreamingmanager (npm)
Malicious code in huangmingming-demo (npm)
Malicious code in spstargm (npm)
Malicious code in wagmi-demo (npm)
Malicious code in subscriptionmgmtserv (npm)
Malicious code in @gmgn/app-icons (npm)
Malicious code in puzzle-fragment (npm)
Malicious code in lvcahgmwzkduejrt (npm)
libxmljs has segmentation fault, potentially leading to a denial-of-service (DoS)
Malicious code in rgmedia (npm)
Malicious code in rgmedia21 (npm)
Malicious code in xbsrnfhgmvzuowpa (npm)
Malicious code in @jdei/codmi-figma-test (npm)
Malicious code in ty-fragment-core (npm)
Malicious code in bigmathlib (npm)
Malicious code in @gmelius/fetlife-assets (npm)
Malicious code in bigmathex (npm)
Malicious code in @augmentor/experiences (npm)
Malicious code in bigmoneymaker (npm)
Malicious code in wegmae_act (npm)
Malicious code in mcp-server-figma (npm)
ws: Memory exhaustion DoS from tiny fragments and data chunks
Malicious code in dynsegmentationserv (npm)
Malicious code in figma-d2c-utils (npm)
Malicious code in adobetagmanager (npm)
Malicious code in @bitmex-frontend-team/segment-analytics (npm)
Malicious code in @12build/segment-js-sdk (npm)
Malicious code in hnyzaklqkgmobdcv (npm)
Malicious code in huobi-bigmac-component (npm)
Malicious code in fgmkvwqxdyhbekor (npm)
Malicious code in reasonix-plugmem (npm)
Malicious code in figma-intern-shell (npm)
Malicious code in figma-ping (npm)
Malicious code in figma-scripts (npm)
Malicious code in polaris-for-figma (npm)
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
Malicious code in fzsknvyeqakgmuip (npm)
Paperclip: codex_local inherited ChatGPT/OpenAI-connected Gmail and was able to send real email
figma-developer-mcp vulnerable to command injection in get_figma_data tool
Malicious code in jtuiwqgmxkhyvecp (npm)
Malicious code in jvgmepykdwfrqali (npm)
Malicious code in kdcigmofhvsurayj (npm)
Malicious code in mediafragment (npm)
Malicious code in ipxksnruvewdzbgm (npm)
Malicious code in segmentrequestmanager (npm)
Malicious code in gm-kilo (npm)
NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin
Malicious code in sample-schema-mgmt (npm)
Malicious code in gme-loblawsinc (npm)
Malicious code in multiplesegmentsprovider (npm)
Malicious code in sess-mgmt (npm)
h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes
Malicious code in wagmi-toolkit (npm)
Malicious code in dowload_ebok_the_upside_of_unrequited_by_becky_albertalli_2jgmw (npm)
Malicious code in ml-interactive-data-augmentation (npm)
Malicious code in @lbnqduy11805/potential-octo-enigma (npm)
Malicious code in subnplanmgmtserv (npm)
fast-uri vulnerable to path traversal via percent-encoded dot segments
dottie is vulnerable to Prototype Pollution bypass via non-first path segments in set() and transform()
Malicious code in @fbsystem/figma-intern-shell (npm)
Malicious code in jingmeideshishi (npm)
Malicious code in segment-anything-mini-demo (npm)
Malicious code in contactbookmgmtserv (npm)
Malicious code in etnhjzgmfwbocvqp (npm)
Malicious code in sigma-errors (npm)
Malicious code in sigma-payment (npm)
undici WebSocket client vulnerable to denial of service via cumulative fragment bypass
OpenClaw: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution
undici WebSocket client vulnerable to denial of service via fragment count bypass
Malicious code in wagmi-toolkits (npm)
Malicious code in @mastra/longmemeval (npm)