i

inflect vulnerable to Inefficient Regular Expression Complexity

@tinacms/graphql has a Path Traversal issue

Malicious code in @diotoborg/soluta-numquam-ipsam (npm)

Malicious code in @diotoborg/suscipit-amet (npm)

Code injection in port-killer

Cross-site scripting in react-bootstrap-table

SCEditor has DOM XSS via emoticon URL/HTML injection

Unexpected server crash in Next.js.

Malicious code in iifl_api (npm)

Malicious code in diil-front (npm)

Malicious code in agora-rtc-web (npm)

Pug allows JavaScript code execution if an application accepts untrusted input

Malicious code in jssdk-infrastructure (npm)

is-http2 vulnerable to Improper Input Validation

Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up

Malicious code in kraken-dev (npm)

Renovate affected by remote code execution was possible using the bazel-module or bazelisk managers, when using lockFileMaintenance

Malicious code in caspets (npm)

Malicious code in ampersend-mymove (npm)

Malicious code in cat-weather-widget (npm)

Prototype Pollution in chartkick

Malicious code in cd-system (npm)

Malicious code in ffwebsite (npm)

Malicious code in @getstep/sdk (npm)

Malicious code in @tiaanduplessis/react-progressbar (npm)

Malicious code in feature-flip (npm)

Malicious code in yizhifabao60 (npm)

Malicious code in yizhifabao61 (npm)

Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)

Malicious code in bs58lite (npm)

node-opencv is malware

Erxes Path Traversal vulnerability

Unsafe object property setter in mathjs

linux-cmdline is vulnerable to Prototype Pollution via the constructor

deferred-exec Command Injection vulnerability

flatnest Prototype Pollution vulnerability

expr-eval vulnerable to Prototype Pollution

Prototype Pollution in dset

Malicious code in int_pinterest_sfra (npm)

Malicious code in gutenberg-ui (npm)

@sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass

SQL Injection in sequelize

Malicious code in zzmaliciouspackage (npm)

OpenClaw: Untrusted workspace channel shadows could execute during built-in channel setup

Malicious code in tablegen (npm)

Malicious code in behat (npm)

Malicious code in cis-photoshop-api-docs (npm)

Malicious code in sddst-ui (npm)

Malicious code in sui-cctp (npm)

Directory Traversal in serverwg

Prototype Pollution in iniparserjs

OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment

Malicious code in onboarding-components (npm)

Path Traversal in takeapeek

Opening a malicious website while running a Nuxt dev server could allow read-only access to code

Malicious code in ooflienro (npm)

Context isolation bypass in Electron

Prototype Pollution in Proto

Malicious code in secureshield4 (npm)

Malicious code in pages14.0.0_i18n (npm)

Malicious code in borsh-js (npm)

counterpart vulnerable to prototype pollution

Strapi Improper Rate Limiting vulnerability

Malicious code in @f2p-mml-frontends/mml-styles (npm)

Malicious code in dotgov-list (npm)

Malicious code in npm-manifest (npm)

Malicious code in @asyncapi/react-component (npm)

muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference

Malicious code in @posthog/rrweb-snapshot (npm)

Malicious code in @trigo/keycloak-api (npm)

Malicious code in react-library-setup (npm)

Prototype Pollution in set-value

Prototype Pollution in bmoor

Malicious code in @zapier/babel-preset-zapier (npm)

OS Command Injection in serial-number

tsup DOM Clobbering vulnerability

Path Traversal in mcstatic

easywebpack-cli Path Traversal vulnerability

JOSE vulnerable to resource exhaustion via specifically crafted JWE

Parsing issue in matrix-org/node-irc leading to room takeovers

tiny-csrf has openly visible CSRF tokens

Seroval affected by Denial of Service via Array serialization

Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection

Malicious code in wlwz-2312-7001 (npm)

OpenClaw's andbox browser noVNC observer lacked VNC authentication

@keystone-6/core's NODE_ENV defaults to development with esbuild

Improper beacon events in matrix-js-sdk can result in availability issues

OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR)

Malicious code in compare-obj (npm)

Malicious code in email-deliverability-tester (npm)

Malicious code in expressos (npm)

Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements

Paperclip: Cross-tenant agent API key IDOR in `/agents/:id/keys` routes allows full victim-company compromise

OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths

Handlebars.js has a Property Access Validation Bypass in container.lookup

fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections

sqlite vulnerable to code execution due to Object coercion

a11y-mcp: Server-Side Request Forgery (SSRF) vulnerability in A11yServer function

nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit

Malicious code in benasin_logger (npm)

Malicious code in react-native-datepicker-modal (npm)

Malicious code in react-native-retriable-fetch (npm)

Malicious code in @seezo/sdr-mcp-server (npm)

Novu has a XSS sanitization bypass

parse-server's session object properties can be updated by foreign user if object ID is known

ghost vulnerable to unauthorized newsletter modification via improper access controls

Payload's SQLite adapter Session Fixation vulnerability

pdf-image has an OS Command Injection Vulnerability through its pdfFilePath parameter

Deserialization Code Execution in js-yaml

Malicious code in system-library-gameanalytics-common (npm)

angular vulnerable to regular expression denial of service via the <input type="url"> element

Malicious code in azure-arm-iothub-samples-ts (npm)

Malicious code in iv-build-utils (npm)

Malicious code in automation_model (npm)

Malicious code in babel-preset-kinvey-flex-service (npm)

OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes

Directory Traversal in nhouston

Malicious code in better-auth-nuxt (npm)

@nocobase/database has SQL Injection via String Concatenation through Recursive Eager Loading

SQL Injection in sequelize

Joplin Cross-site Scripting vulnerability

Malicious code in icons-mail (npm)

Malicious code in @portswigger/fetlife-assets (npm)

Malicious code in ozone-material (npm)

RSA signature validation vulnerability on maleable encoded message in jsrsasign

Remote code execution via MongoDB BSON parser through prototype pollution

Cross-Site Scripting in serve-index

Insecure Entropy Source - Math.random() in node-uuid

Malicious code in anypoint-component-site (npm)

Malicious code in who_mobile (npm)

Session fixation in fastify-passport

sequelize-typescript Prototype Pollution vulnerability

Malicious code in p224 (npm)

OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model

Malicious code in pergel (npm)

Malicious code in wallet-evm (npm)

Malicious code in test494 (npm)

Malicious code in @tinkoff-react-bui/checkbox-boxed (npm)

path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards

Actual Sync Server has an Authenticated Path Traversal

SQL Injection in sequelize

Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers

Malicious code in @accordproject/concerto-linter (npm)

liquidjs has a Denial of Service via circular block reference in layout

Malicious code in @accordproject/concerto-linter-default-ruleset (npm)

prebuild-lwip downloads Resources over HTTP

Malicious code in anyswap-rewards (npm)

Malicious code in sweet-ruin-immortals-after-dark-16-by-kresley-cole-on-audiobook-full-volumes- (npm)

Novu has SSRF via conditions filter webhook bypasses validateUrlSsrf() protection

OpenC3 stores passwords in clear text (`GHSL-2024-129`)

Sanitization bypass using HTML Entities in marked

Malicious code in pipedrive-embeddable-ringcentral-phone-spa (npm)

OS Command Injection in GenieACS

Flowise: Cypher Injection in GraphCypherQAChain

OS Command Injection in giting

Downloads Resources over HTTP in phantomjs-cheniu

Malicious code in @diotoborg/a-quas (npm)

Malicious code in schibsted-style (npm)

Malicious code in @alexcolls/nuxt-ux (npm)

Malicious code in @antstackio/shelbysam (npm)

Malicious code in prod_assets_web_modules (npm)

Malicious code in product-tools (npm)

string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS)

steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments

Malicious code in @diotoborg/ad-non (npm)

OpenClaw vulnerable to arbitrary file read via $include directive

OpenClaw: Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read

keycloak-connect contains Open redirect vulnerability in the Node.js adapter

Malicious code in @oku-ui/alert-dialog (npm)

Malicious code in @oku-ui/presence (npm)

Malicious code in caas-canvas (npm)

Malicious code in kbc-ui.templates (npm)

Malicious code in stablecoin-aptos (npm)

Cross-Site Scripting in swagger-ui

Regular Expression Denial of Service (ReDoS) in lodash

Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys

Malicious code in @diotoborg/aliquam-fugit-culpa (npm)

Malicious code in @posthog/laudspeaker-plugin (npm)

Directory traversal in convert-svg-core

Malicious code in wlwz-2312-2305 (npm)

Malicious code in wlwz-2312-3807 (npm)

Malicious code in wlwz-2312-3908 (npm)

thenify before 3.3.1 made use of unsafe calls to `eval`.

Malicious code in quickswap-smart-order-router (npm)

Malicious code in @accordproject/concerto-analysis (npm)

es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`

Malicious code in @diotoborg/aperiam-cum (npm)

Malicious code in system-library-gameanalytics-slotanalytics (npm)

Malicious code in @diotoborg/ad-rerum (npm)

CSRF token fixation in fastify-passport

smb is malware

Cross-Site Scripting in sanitize-html

Malicious code in tcsp (npm)

@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses

Prototype Pollution in merge-deep

Malicious code in @diotoborg/aspernatur-id (npm)

Malicious code in @diotoborg/aspernatur-in (npm)

Invalid Curve Attack in node-jose

Malicious code in tiptap-shadcn-vue (npm)

Malicious code in @diotoborg/dolorum-atque (npm)

Malicious code in @diotoborg/dolorum-autem (npm)

Malicious code in @diotoborg/natus-facere-esse (npm)

Malicious code in @diotoborg/nulla-optio (npm)

mc-kill-port vulnerable to Arbitrary Command Execution via kill function

Flowise: Sensitive Data Leak in public-chatbotConfig

Unrestricted Upload of File with Dangerous Type in Strapi

Malicious code in @diotoborg/assumenda-saepe-mollitia (npm)

Malicious code in bip40 (npm)

Malicious code in chai-jsons (npm)

Directory Traversal in serverliujiayi1

Directory Traversal in zjjserver

Malicious code in @kiwiiw/ez-lib (npm)

OpenClaw's commands.allowFrom sender authorization accepted conversation identifiers via ctx.From

pym.js CSRF Vulnerability

Prototype Pollution in node.extend

Auth0 angular-jwt misinterprets allowlist as regex

Malicious code in argocd-diff-action (npm)

Malicious code in @diotoborg/autem-dolor (npm)

Malicious code in @diotoborg/autem-id (npm)

Malicious code in accounts-base (npm)

Malicious code in wartsila-application-json (npm)

Malicious code in @accordproject/concerto-metamodel (npm)

Maker.js has Unsafe Property Copying in makerjs.extendObject

OpenClaw: busybox and toybox applet execution weakened exec approval binding

XSS Attack with Express API

Malicious code in @diotoborg/autem-vero (npm)

Malicious code in @bingads-webui-clientcenter/instrumentation (npm)

Regular expression denial of service in semver-regex

Path Traversal in node-srv

Malicious code in handtalk-test-app (npm)

Malicious code in @browserbasehq/stagehand-docs (npm)

Malicious code in @oku-ui/tabs (npm)

Malicious code in @productdevbook/auth (npm)

TinaCMS Vulnerable to Path Traversal Leading to Arbitrary File Read, Write and Delete

Miniflare vulnerable to Server-Side Request Forgery (SSRF)

Bootbox.js Cross Site Scripting vulnerability

Malicious code in aocrn (npm)

Malicious code in wlwz-2312-7200 (npm)

jQuery vulnerable to Cross-Site Scripting (XSS)

Malicious code in @voiceflow/nestjs-rate-limit (npm)

Malicious code in iife-sample (npm)

Malicious code in rediff-viewer (npm)

n8n Privilege Escalation vulnerability

Malicious code in revenuecat (npm)

OpenClaw has system.run shell-wrapper env injection via SHELLOPTS/PS4 can bypass allowlist intent (RCE)

Cross-site Scripting in epubjs

Cross Site Scripting (XSS) in plotly.js

Sandbox Breakout / Arbitrary Code Execution in safer-eval

SQL Injection in connect-pg-simple

Malicious code in mongodb-atlas-cli-toc-generator (npm)

sanitize-html is vulnerable to XSS through incomprehensive sanitization

Malicious code in mongodb-compass (npm)

Malicious code in mongodb-stitch-server-testutils (npm)

Malicious code in nnc-web (npm)

Malicious code in shell-exec (npm)

Malicious code in uniswap-router-sdk (npm)

@okta/oidc-middlewareOpen Redirect vulnerability

web3-utils Prototype Pollution vulnerability

ajv has ReDoS when using `$data` option

Denial of service in http-proxy-middleware

Cross-site scripting vulnerability in TinyMCE

Malicious code in hl-naduccio (npm)

Malicious code in bdesse (npm)

Malicious code in @diotoborg/corporis-quia (npm)

Malicious code in stream-xor-chain (npm)

Malicious code in chai-status (npm)

Malicious code in @diotoborg/corporis-repellat-dicta (npm)

Malicious code in babel-plugin-standalone (npm)

Malicious code in tensorfi-secure-hash (npm)

@grackle-ai/mcp has a workspace authorization bypass in its knowledge_search MCP tool

Improper Certificate Validation in xmlhttprequest-ssl

Malicious code in @diotoborg/culpa-at-cumque (npm)

Malicious code in kmf-cookieservice (npm)

Malicious code in pluxee-design-system (npm)

Malicious code in kubebuilder (npm)

Malicious code in kubernetes-controller-tools (npm)

Malicious code in markdownlint-cli2-action (npm)

Malicious code in solana-dexfi-suite (npm)

NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability

vm2 Sandbox Escape vulnerability

Jellyfin Web Cross-Site Scripting (XSS) via Playlist Name

CouchAuth host header injection vulnerability leaks the password reset token

Malicious code in jqxcore (npm)

Malicious code in redirect-5k9q5v (npm)

GenieACS has an unauthenticated access vulnerability via the NBI API endpoint

Missing proper state, nonce and PKCE checks for OAuth authentication

Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials

Malicious code in redirect-clrm2u (npm)

Orejime has executable code in HTML attributes

materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input

Malicious code in cln-logger (npm)

Malicious code in obvbd (npm)

Malicious code in @amber-team/storybook-utils (npm)

Replicator deserializes untrusted user input

Exposure of Sensitive Information in eventsource

OpenClaw: Multiple Code Paths Missing Base64 Pre-Allocation Size Checks

thlorenz browserify-shim vulnerable to prototype pollution

Malicious code in aoe_playstyle (npm)

Malicious code in karemm3 (npm)

Malicious code in elf-stats-fuzzy-fir-973 (npm)

Malicious code in @diotoborg/cum-saepe-minima (npm)

Malicious code in elf-stats-rooftop-stockpile-626 (npm)

Malicious code in elf-stats-aurora-candy-291 (npm)

Malicious code in elf-stats-aurora-garland-513 (npm)

Malicious code in @diotoborg/cum-ut-iure (npm)

Malicious code in elf-stats-aurora-workbench-513 (npm)

Path traversal in Node-RED-Dashboard

Regular Expression Denial of Service in dat.gui

web3-core-method is vulnerable to prototype pollution

Malicious code in elf-stats-bright-cushion-246 (npm)

Malicious code in elf-stats-candlelit-toy-571 (npm)

Malicious code in ap-election-adapter (npm)

Malicious code in @diotoborg/delectus-recusandae-aut (npm)

Malicious code in elf-stats-evergreen-chimney-857 (npm)

Malicious code in @diotoborg/delectus-voluptatibus (npm)

Malicious code in elf-stats-evergreen-sled-681 (npm)

Malicious code in @frozen-team-qa/types (npm)

Malicious code in @protos-team/frontend-server (npm)

Flowise Cross-site Scripting in api/v1/chatflows/id

Path Traversal in Ghost

Lack of URL normalization may lead to authorization bypass when URL access rules are used

isolated-vm has vulnerable CachedDataOptions in API

Broken Authentication in Atlassian Connect Express

OS Command Injection in node-mpv

Malicious code in @diotoborg/dicta-recusandae-veniam (npm)

Malicious code in @diotoborg/dignissimos-aliquam (npm)

Malicious code in elf-stats-flickering-candy-280 (npm)

Malicious code in elf-stats-flickering-fir-572 (npm)

Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE

Svelte SSR does not validate dynamic element tag names in `<svelte:element>`

Malicious code in express-core-validator (npm)

LDAP Injection in is-user-valid

Malicious code in @omni-corp-infra/sso-bridge-core (npm)

Path Traversal in marscode

Malicious code in @tech-global/internal-gateway-core (npm)

Duplicate Advisory: Improper Verification of Cryptographic Signature

Malicious code in @diotoborg/dolor-earum-quia (npm)

RSSHub SSRF vulnerability

Malicious code in google-storage-cloud (npm)

Malicious code in elf-stats-lanternlit-sled-571 (npm)

Malicious code in @diotoborg/dolor-iure (npm)

Malicious code in elf-stats-merry-chimney-765 (npm)

Malicious code in internal-auth-provider (npm)

Malicious code in react-native-parallax-scroll-view-updated (npm)

Parse Server vulnerable to brute force guessing of user sensitive data via search patterns

Malicious code in api-routes-rest (npm)

Malicious code in @diotoborg/dolores-fugiat-autem (npm)

Malicious code in elf-stats-merry-cookiejar-754 (npm)

Malicious code in elf-stats-merry-cookiejar-915 (npm)

Cross-Site Scripting in iobroker.web

OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding

Arbitrary File Read in phantom-html-to-pdf

Malicious code in @bcs-adapters/core-adapter (npm)

Malicious code in @diotoborg/dolorum-dolorum (npm)

Open redirect in @auth0/nextjs-auth0

Downloads Resources over HTTP in selenium-download

Malicious code in @diotoborg/dolorum-ipsam (npm)

Malicious code in elf-stats-shimmering-workshop-590 (npm)

Server crashes on invalid Cloud Function or Cloud Job name

OS Command Injection in install-package

Malicious code in @diotoborg/dolorum-iste-excepturi (npm)

Malicious code in elf-stats-silvered-mitten-503 (npm)

Malicious code in yelp-react-component-photo-upload (npm)

Malicious code in pi-exa-mcp (npm)

Malicious code in pos-next-react-native (npm)

Malicious code in elf-stats-snowdusted-bauble-104 (npm)

Malicious code in shopify-draggable (npm)

Downloads Resources over HTTP in alto-saxophone

Malicious code in @diotoborg/eaque-illum-qui (npm)

Malicious code in @diotoborg/eaque-iste (npm)

pnpm vulnerable to Command Injection via environment variable substitution

Malicious code in elf-stats-snowdusted-fireplace-396 (npm)

Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS)

XSS/HTML Injection Vulnerability in Umbraco Backoffice Components

Malicious code in elf-stats-snowdusted-saddlebag-790 (npm)

OpenClaw has a gateway exec allowlist allow-always bypass via unregistered /usr/bin/script wrapper

Cross-site Scripting in Joplin

Malicious code in temhe-dev (npm)

Malicious code in tinfoil-shops (npm)

OpenClaw: Unsanitized CWD path injection into LLM prompts

OpenClaw's Zalo group sender allowlist bypass permits unauthorized GROUP dispatch

Prototype Pollution in ini-parser

vxe-table Cross-site Scripting vulnerability

Flowise: Weak Default Express Session Secret

Malicious code in elf-stats-sparkly-cocoa-863 (npm)

Malicious code in elf-stats-sprucey-snowman-250 (npm)

Malicious code in elf-stats-sprucey-train-471 (npm)

Authorization Bypass in Next.js Middleware

Prototype Pollution in set-or-get

pnpm has Windows-specific tarball Path Traversal

plotly.js prototype pollution vulnerability

Malicious code in wlwz-2312-7301 (npm)

Malicious code in vpi-guides (npm)

Malicious code in @diotoborg/eius-animi-ullam (npm)

Malicious code in wagner-horizon (npm)

Unlimited transforms allowed for signed nodes

Resources Downloaded over Insecure Protocol in igniteui

express-param vulnerable to Improper Handling of Extra Parameters

arrayfire-js downloads Resources over HTTP

Malicious code in elf-stats-twinkling-marshmallow-913 (npm)

Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function

Malicious code in elf-stats-wintry-icicle-283 (npm)

Malicious code in @azure-tests/perf-service-bus (npm)

Remote Memory Disclosure in bittorrent-dht

Nteract Remote Code Execution vulnerability

Malicious code in arkane-network (npm)

Malicious code in elf-stats-caroling-mailbag-397 (npm)

Malicious code in ams-ssk (npm)

Command Injection in gitlabhook

OpenZeppelin Contracts initializer reentrancy may lead to double initialization

Downloads Resources over HTTP in haxe3

Next.js Affected by Cache Key Confusion for Image Optimization API Routes

gry vulnerable to Command Injection

Malicious code in @diotoborg/esse-accusantium-ratione (npm)

Cross-site scripting vulnerability in TinyMCE

Froala WYSIWYG editor allows cross-site scripting (XSS)

Malicious code in @diotoborg/esse-distinctio-repellat (npm)

Malicious code in elf-stats-frostbitten-reindeer-875 (npm)

Malicious code in elf-stats-ginger-reindeer-411 (npm)

Malicious code in common-tg-service (npm)

Malicious code in microsoft-agents-auth-service (npm)

OpenClaw: Gateway `agent` calls could override the workspace boundary

Potential SQL Injection in sequelize

Malicious code in elf-stats-gingersnap-ornament-469 (npm)

Malicious code in elf-stats-glittering-fir-252 (npm)

eivindfjeldstad-dot contains prototype pollution vulnerability

Malicious code in @diotoborg/et-voluptatum-mollitia (npm)

Malicious code in elf-stats-glittering-nutcracker-709 (npm)

skilleton has improper input handling in repository/path processing

Path Traversal in marked-tree

AutoUpdater module fails to validate certain nested components of the bundle

OpenClaw has incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in `!stop` Chat Command via `shell-utils.ts`

React Router vulnerable to XSS via Open Redirects

Duplicate Advisory: OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts

OpenClaw: Voice-call still parses large WebSocket frames before start validation (Incomplete fix for CVE-2026-32062)

printf vulnerable to Regular Expression Denial of Service (ReDoS)

Malicious code in @diotoborg/eveniet-officia (npm)

OS Command injection in ssl-utils

node-forge has ASN.1 Unbounded Recursion

@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state

Arbitrary Command Injection in portprocesses

Malicious code in @diotoborg/eveniet-pariatur-esse (npm)

Malicious code in @diotoborg/ex-quo-odio (npm)

Malicious code in paypal-payouts-bridge (npm)

openclaw-claude-bridge: sandbox is not effective - `--allowed-tools ""` does not restrict available tools

Malicious code in elf-stats-merry-cookiejar-442 (npm)

Malicious code in paychex-common-vendor-lib (npm)

Cross-Site Scripting (XSS) in Verdaccio

Malicious code in elf-stats-sleighing-nutcracker-806 (npm)

Malicious code in capacitor-plugin-service-worker (npm)

Malicious code in pocpoc2626 (npm)

Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows

Malicious code in elf-stats-silvered-star-676 (npm)

Oceanic allows unsanitized user input to lead to path traversal in URLs

Malicious code in elf-stats-snowdusted-lantern-234 (npm)

OpenCC has an Out-of-bounds read when processing truncated UTF-8 input

Joplin Cross-site Scripting vulnerability

Malicious code in api-typings (npm)

Malicious code in seek-pass (npm)

OpenClaw: Matrix profile config persistence was reachable from operator.write message tools

Malicious code in lazyhtml-scripts (npm)

Malicious code in fanduel (npm)

Malicious code in @bank-widgets/whats-new (npm)

Malicious code in @channel_bot/xa0 (npm)

Malicious code in @t-in-one/save_application_hid_to_storage (npm)

Malicious code in ms.analytics-web (npm)

cordova-plugin-fingerprint-aio DoS vulnerability

Malicious code in paysera-checkout-modal (npm)

Malicious code in elf-stats-snowdusted-cookiejar-250 (npm)

Payload does not invalidate JWTs after log out

Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings

Rebuild-bot workflow may allow unauthorised repository modifications

Prototype pollution vulnerability in 'patchmerge'

Malicious code in elf-stats-candlelit-train-228 (npm)

Malicious code in elf-stats-caroling-hammer-382 (npm)

Cross-site Scripting in CKEditor4

Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS

radashi Allows Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Cross-site scripting vulnerability in TinyMCE alerts

Regular Expression Denial of Service in ssri

Logging of the firestore key within nodejs-firestore

node-tesseract-ocr is vulnerable to OS Command Injection through unsanitized recognize() function parameter

Malicious code in @diotoborg/inventore-quasi (npm)

jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions

Insufficient Session Expiration in NocoDB

Malicious code in @diotoborg/ipsa-deleniti-ab (npm)

Malicious code in elf-stats-twinkling-bell-867 (npm)

Malicious code in mui-wrapper-icons (npm)

Always-Incorrect Control Flow Implementation in Facebook Hermes

Path Traversal in resolve-path

Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values

FUXA Unauthenticated Remote Arbitrary Device Tag Write

Regular Expression Denial of Service in moment

Malicious code in bfruitmaliciousxmlparser (npm)

Malicious code in @diotoborg/iste-laborum (npm)

Malicious code in @diotoborg/itaque-aliquid-quisquam (npm)

Malicious code in uba-plugins (npm)

node-latex-pdf is susceptible to command injection

Malicious code in @diotoborg/labore-atque (npm)

Malicious code in android_teminator_x (npm)

Malicious code in elf-stats-cocoa-workshop-459 (npm)

Status Board vulnerable to Cross-Site Scripting before v1.1.82

Node-Traceroute RCE Vulnerability

matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver

Malicious code in arm-attestation (npm)

Malicious code in arm-azurestack (npm)

Malicious code in xnetgpt (npm)

Regular Expression Denial of Service in jadedown

google-cloudstorage-commands Command Injection vulnerability

Malicious code in 01template1 (npm)

Malicious code in @nosinovacao/nosid-mfe-common (npm)

Malicious code in @vienna_cancer_center_portal/js (npm)

OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection

OpenClaw bootstrap setup codes could be replayed to escalate pending pairing scopes before approval

Unhandled case in node-lmdb

OpenClaw has a IPv6 multicast SSRF classifier bypass

Malicious code in @diotoborg/libero-ratione-delectus (npm)

OpenClaw's config env vars allowed startup env injection into service runtime

@grackle-ai/server JSON.parse lacks try-catch logic in its gRPC Service AdapterConfig Handling

Malicious code in amazon-testpackage (npm)

Malicious code in amournapraia (npm)

MCPHub has an authentication bypass

Prototype Pollution in undefsafe

Malicious code in bdwngkairzovfpje (npm)

Directory Traversal in geddy

Malicious code in @diotoborg/molestiae-doloribus (npm)

Malicious code in elf-stats-caroling-wreath-635 (npm)

Malicious code in @diotoborg/molestiae-maxime (npm)

Malicious code in chai-max (npm)

Malicious code in elf-stats-glittering-cookie-844 (npm)

nodefabric is malware

Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

gifplayer XSS vulnerability

Malicious code in ugc-kit (npm)

OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins

Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js

Malicious code in awsmcc (npm)

Backstage vulnerable to potential reading of SCM URLs using built in token

Malicious code in ie8-dom-define (npm)

nodemailer.js is malware

Directory Traversal in gaoxuyan

Malicious code in @diotoborg/nobis-facilis (npm)

deepHas vulnerable to Prototype Pollution via constructor.prototype

Malicious code in configs-web-react (npm)

Parse Dashboard is Missing CSRF Protection for its Agent Endpoint

Prototype Pollution in worksmith

validator.js has a URL validation bypass vulnerability in its isURL function

Malicious code in aws-features-signin-proxy-client (npm)

Malicious code in @diotoborg/nobis-mollitia (npm)

Malicious code in console-node-ts (npm)

Regular Expression Denial of Service in charset

Prototype pollution in nconf-toml

OneUptime has WhatsApp Resend Verification Authorization Bypass

OpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get

Hidden fields can be leaked on readable collections in Payload

Malicious code in wlwz-2312-7504 (npm)

Malicious code in aws-ui-component-select (npm)

Malicious code in lappsec-testpackage (npm)

Malicious code in pixelary (npm)

Tracking Module in botbait

Malicious code in linear-open-issue (npm)

Regular Expression Denial of Service (REDoS) in Marked

Improper Handling of Exceptional Conditions in detect-character-encoding

Malicious code in tsb-authorization (npm)

Directory traversal in rollup-plugin-server

MySQL2 for Node Arbitrary Code Injection

oauth2-server through 3.1.1 vulnerable to Open Redirect

Malicious code in ofjaaah-dependency-confusion (npm)

Malicious code in vistar-ad-clienttestadv3 (npm)

openssl.js is malware

phoenix_html allows Cross-site Scripting in HEEx class attributes

Malicious code in @diotoborg/officiis-nam-dignissimos (npm)

Downloads Resources over HTTP in apk-parser

Malicious code in fatfingers-hello (npm)

Malicious code in fatfingers-helloo (npm)

Malicious code in echo-color (npm)

Missing Origin Validation in parcel-bundler

Malicious code in @diotoborg/optio-voluptatum (npm)

Malicious code in nsemea-core-poc (npm)

OpenClaw has a workspace-only sandbox guard mismatch for @-prefixed absolute paths

Malicious code in @diotoborg/perferendis-odit (npm)

webpack-dev-server users' source code may be stolen when they access a malicious web site

Malicious code in @diotoborg/placeat-placeat (npm)

OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation

Malicious code in cordova-plugin-permissions (npm)

Malicious code in wagmi-ethers-connectors (npm)

Malicious code in bookingcom-auth (npm)

Server-Side Request Forgery in Directus

Malicious code in @diotoborg/quaerat-dicta (npm)

Malicious code in wegenenverkeer (npm)

Malicious code in string-multiutils (npm)

Cross-site scripting vulnerability in TinyMCE

Malicious code in system-v11 (npm)

Malicious code in airdrop-interface-markets (npm)

Denial of service in prismjs

Malicious code in nayan-videos-downloaders (npm)

Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)

Information disclosure in parse-server

Mind-elixir Cross-site Scripting vulnerability

Malicious code in @diotoborg/quo-dolorem-ducimus (npm)

Unhandled crash in npm posix

Malicious code in zenith.svg-loader (npm)

Prototype Pollution in lodash

Malicious code in lovable-js (npm)

OpenClaw Gateway: RCE and Privilege Escalation from operator.pairing to operator.admin via device.pair.approve

Malicious code in @diotoborg/quos-accusantium (npm)

Sensitive Data Exposure in seneca

Packing does not respect root-level ignore files in workspaces

OpenClaw vulnerable to SSRF in src/agents/tools/web-fetch.ts

@stablelib/cbor: Stack exhaustion Denial of Service via deeply nested CBOR arrays, maps, or tags

Malicious code in @diotoborg/quos-eos (npm)

OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated

Malicious code in pycodestyle (npm)

Malicious code in aes-valid-ipherv (npm)

Malicious code in plonkscript-docs (npm)

Potential Cross-site Scripting vulnerability in Hydrogen

Malicious code in developit (npm)

Downloads Resources over HTTP in npm-test-sqlite3-trunk

Downloads Resources over HTTP in macaca-chromedriver-zxa

Malicious code in web3js-wallet (npm)

Malicious code in nf-cons-log (npm)

Malicious code in hardhat-configs (npm)

Malicious code in style-postprocessor (npm)

Malicious code in uidraftism (npm)

VvvebJs Reflected Cross-Site Scripting (XSS) vulnerability

Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow in Flowise

Malicious code in yuji-baileys (npm)

Malicious code in libsignal-yazxz (npm)

Malicious code in whatnot-events (npm)

Malicious code in chai-promised-async (npm)

Malicious code in chain-promised-cli (npm)

Malicious code in express-session-js (npm)

OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution

Malicious code in @_wnpm/wnpm-cli (npm)

Prototype pollution vulnerability in 'predefine'

Malicious code in bfx-hf-strategy-perf (npm)

OpenClaw BlueBubbles webhook auth bypass via loopback proxy trust

Malicious code in @appleseed-apple/ac-sass-kit (npm)

Malicious code in simple-auth-basic (npm)

Joplin vulnerable to Cross-site Scripting in notes

Malicious code in modern-events (npm)

Malicious code in bitu-staking (npm)

Flowise: Unauthenticated Information Disclosure of OAuth Secrets (Cleartext) via GET Request

Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains

Reflected cross-site scripting (XSS) vulnerability

OpenClaw Hook Session Key Override Enables Targeted Cross-Session Routing

Uptime Kuma's Regular Expression in pushdeeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Parse Server has an auth provider validation bypass on login via partial authData

Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints

Malicious code in @bmg-web/bmg-external-link (npm)

Malicious code in @bmg-web/bmg-grid (npm)

TinaCMS CLI Dev Server Vulnerable to Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS

Malicious code in @bmg-web-features/bmg-user-interaction-tracker (npm)

Sveltejs devalue's `devalue.parse` and `devalue.unflatten` emit objects with `__proto__` own properties

ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

Malicious code in etsyapp (npm)

Malicious code in pgserve (npm)

Malicious code in @automagik/genie (npm)

@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme

Command Injection in tree-kill

Improper Initialization in OpenZeppelin

coffe-script is malware

expr-eval does not restrict functions passed to the evaluate function

Follow Redirects improperly handles URLs in the url.parse() function

Parse Server exposes the data schema via GraphQL API

n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

Malicious code in @nklkas/hyperliquid (npm)

Malicious code in changelog-cli-logger (npm)

Malicious code in changelog-utils-structured-logger (npm)

Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS

directus vulnerable to Insertion of Sensitive Information into Log File

url-parse Incorrectly parses URLs that include an '@'

Directory Traversal in dcdcdcdcdc

Malicious code in separadordeinfocc (npm)

Malicious code in ts-bing (npm)

Malicious code in ts-moduler (npm)

Malicious code in undicy-http (npm)

Malicious code in vime-azl (npm)

Malicious code in pyright-root (npm)

Malicious code in responses-starter-app (npm)

OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation

fuseki downloads Resources over HTTP

Malicious code in json-mapping-src (npm)

Prototype Pollution in defaults-deep

Denial of Service in ecstatic

Malicious code in crypto-locale (npm)

Malicious code in ben1 (npm)

Path traversal in rollup-plugin-serve

OpenClaw: Pairing-scoped device tokens could mint `operator.admin` and reach node RCE

Malicious code in @diotoborg/quaerat-eius (npm)

Malicious code in elf-stats-shimmering-muffin-598 (npm)

OS Command Injection in adb-driver

ApostropheCMS: Information Disclosure via choices/counts Query Parameters Bypassing publicApiProjection Field Restrictions

Picomatch has a ReDoS vulnerability via extglob quantifiers

Angular i18n vulnerable to Cross-Site Scripting

Insecure Defaults Allow MITM Over TLS in engine.io-client

Snyk plugins vulnerable to Command Injection

Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace

Use of Insufficiently Random Values in undici

Verification Bypass in jsonwebtoken

Preact has JSON VNode Injection issue

@siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters

Remote code execution in handlebars when compiling templates

Electron: Context Isolation bypass via contextBridge VideoFrame transfer

Astro's server source code is exposed to the public if sourcemaps are enabled

Complete Bypass of CVE-2026-24884 Patch via Git-Delivered Symlink Poisoning in compressing

Electron: Unquoted executable path in app.setLoginItemSettings on Windows

OpenClaw's complex interpreter pipelines could skip exec script preflight validation

Margox Braft-Editor Cross-site Scripting Vulnerability

Stored Cross-Site Scripting in tianma-static

@node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes

Fastify's connection header abuse enables stripping of proxy-added headers

express vulnerable to XSS via response.redirect()

@perfood/couch-auth has a host header injection vulnerability

Prototype Pollution in merge-options

Downloads Resources over HTTP in adamvr-geoip-lite

Path traversal vulnerability in gatsby-plugin-sharp

Better Auth Open Redirect Vulnerability in originCheck Middleware Affects Multiple Routes

Shadowsock is malware

@envelop/graphql-modules has a Race Condition vulnerability

path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters

Improper Key Verification in openpgp

OpenClaw's Chrome extension relay binds publicly due to wildcard treated as loopback

Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)

Command Injection in pidusage

Fabric.js Affected by Stored XSS via SVG Export

Directory Traversal in pytservce

Directory Traversal in fancy-server

OpenClaw: Node camera URL payload host-binding bypass allowed gateway fetch pivots

Command injection in kill-process-on-port

Malicious code in chai-pack (npm)

Directory Traversal in dylmomo

Open Redirect in koa-remove-trailing-slashes

Malicious code in rtxbbtyols (npm)

Malicious code in @diotoborg/sed-tempora-natus (npm)

Malicious code in @diotoborg/sed-veniam-cupiditate (npm)

fast-xml-parser has RangeError DoS Numeric Entities Bug

CRLF Injection in Nodejs ‘undici’ via host

Parse Server has a protected fields bypass via logical query operators

Prototype Pollution in decal

Heap Based Buffer Overflow in libyaml

Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy

Directus version number disclosure

Malicious code in apollocli8ent (npm)

Cloudflare Agents SDK has Insecure Direct Object Reference (IDOR) via Header-Based Email Routing

OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override

Duplicate Advisory: OpenClaw's complex interpreter pipelines could skip exec script preflight validation

Malicious code in @azure-tests/perf-keyvault-secrets (npm)

Malicious code in @diotoborg/suscipit-officia (npm)

color-string@2.1.1 contains malware after npm account takeover

Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)

Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling

Malicious code in @diotoborg/suscipit-vitae (npm)

Malicious code in @diotoborg/tempora-consequatur (npm)

ipip-coffee downloads Resources over HTTP

Malicious code in apollolinhttp (npm)

Malicious code in @diotoborg/temporibus-quasi-quasi (npm)

Tmp files readable by other users in sync-exec

Downloads Resources over HTTP in mystem3

Duplicate Advisory: Signal group allowlist authorization bypass via DM pairing-store leakage

tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter

Malicious code in @diotoborg/tenetur-eos-commodi (npm)

OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf

Directus: Authenticated Users Can Extract Concealed Fields via Aggregate Queries

Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation

Remote code execution in vscode-npm-script

Malicious code in @diotoborg/velit-placeat (npm)

Malicious code in @diotoborg/velit-reiciendis-velit (npm)

Uncontrolled Resource Consumption in markdown-it

OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode

OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send

OpenClaw's unsanitized session ID enables path traversal in transcript file operations

Directory Traversal in hftp

n8n Information Disclosure vulnerability

Malicious code in app.1inch.io (npm)

Malicious code in wlwz-2312-7707 (npm)

Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate

Regular Expression Denial of Service in forwarded

webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence

Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Improper Input Validation in xdLocalStorage

Denial of service vulnerability exists in libxmljs

Cross-site Scripting (XSS) in @scullyio/scully

Ghost vulnerable to information disclosure of private API fields

Directory Traversal in elding

Malicious code in muthu (npm)

Raneto v0.17.0 employs weak password complexity requirements

Android WebView Universal Cross-site Scripting

Finance.js vulnerable to DoS via the seekZero() parameter

NPM IP package incorrectly identifies some private IP addresses as public

XSS due to lack of CSRF validation for replying/publishing

Code injection in plupload

fast-xml-parser vulnerable to ReDOS at currency parsing

Information disclosure in SSB-DB

Cezerin Unauthorized Acces

Cross-Site Scripting in dojo

Strapi mishandles hidden attributes within admin API responses

n8n: Webhook Forgery on Github Webhook Trigger

Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`

Insufficient Entropy in cryptiles

Malicious code in bebekair (npm)

Malicious code in 0g-storage-contracts (npm)

OpenClaw has Inconsistent Host Exec Environment Override Sanitization

DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation

Use of Potentially Dangerous Function in mixme

OS Command Injection in lifion-verify-deps

Malicious code in wlwz-2312-7901 (npm)

Malicious code in apigeeclientlib (npm)

Directus: Sensitive fields exposed in revision history

json-schema-editor-visual vulnerable to prototype pollution

Macro in MathJax running untrusted Javascript within a web browser

tkinter is malware

Malicious code in tappp-tv-ui-lib (npm)

trentm/json vulnerable to command injection

Parse Server has a bypass of class-level permissions in LiveQuery

Path Traversal in public

OpenClaw's tools.exec.safeBins sort long-option abbreviation bypass can skip exec approval in allowlist mode

Unintentional leakage of private information via cross-origin websocket session hijacking

OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching)

Malicious code in node-integration-test (npm)

Malicious code in passports-js (npm)

Spoofing attack due to unvalidated KDC in node-krb5

Arbitrary File Write in adm-zip

@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service

Malicious code in bamoe-standalone-dmn-editor (npm)

Validation bypass in frourio

@fastify/middie vulnerable to middleware authentication bypass in child plugin scopes

Open Redirect in st

Malicious code in app_intelligence (npm)

Malicious code in json-specparse (npm)

Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg" (untrusted header.alg fallback)

h3 has a middleware bypass with one gadget

Cross Site Scripting (XSS) in @finastra/ssr-pages

steal vulnerable to Prototype Pollution via requestedVersion variable

canvg Prototype Pollution vulnerability

Malicious code in ml-translate-vis (npm)

DOMPurify contains a Cross-site Scripting vulnerability

ffmepg is malware

Buffer overflow in canvas

jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

React Router has Path Traversal in File Session Storage

Prototype Pollution in object-path

Malicious code in inclusive-ai-dao-website (npm)

FlowiseAI Pre-Auth Arbitrary Code Execution

@ndhoule/defaults prototype pollution

Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows

eBay API MCP Server Affected by Environment Variable Injection

Exfiltration of hashed SMB credentials on Windows via file:// redirect

React Router has XSS Vulnerability

Malicious code in hedgedoc-api (npm)

Arbitrary Code Execution in Handlebars

tarteaucitron.js allows url scheme injection via unfiltered inputs

undici before v5.8.0 vulnerable to CRLF injection in request headers

Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution

Directus allows redacted data extraction on the API through "alias"

karma-mojo enables OS Command Injection

Regular Expression Denial of Service in djvalidator

fabric-js is malware

Malicious code in hilla-components-dependencies (npm)

Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding

pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"

Command injection in simple-git

Malicious code in @azure-tests/perf-monitor-query (npm)

Malicious code in 29ge1l (npm)

Claude Code can execute commands prior to the startup trust dialog

OpenClaw vulnerable to path traversal (Zip Slip) in archive extraction during explicit installation commands

Server-Side Request Forgery in parse-url

Cross-Site Scripting in swagger-ui

OpenClaw has command injection via Windows shell fallback in Lobster tool execution

Remote Memory Exposure in bl

Malicious code in mock-solc-0.6 (npm)

Malicious code in seller-webchat-service (npm)

mcp-package-docs vulnerable to command injection in several tools

static-dev-server vulnerable to path traversal

mailparser vulnerable to Cross-site Scripting

OpenClaw QQ Bot Extension missing SSRF Protection on All Media Fetch Paths

Backstage Scaffolder plugin vulnerable to Server-Side Request Forgery

Malicious code in here_base (npm)

Prototype pollution in matrix-react-sdk

Malicious code in e-learning-garena (npm)

Malicious code in fc-accordion (npm)

Fiora chat group avatar is vulnerable to XSS via SVG files

Shescape potential environment variable exposure on Windows with CMD

@isaacs/brace-expansion has Uncontrolled Resource Consumption

Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)

@aofl/cli-lib Prototype Pollution vulnerability

Malicious code in new-code-script-gt-a-samp-h-a-c-k-down-lo-ad-lkk02y (npm)

OpenClaw is Missing Webhook Authentication in Telnyx Provider Allows Unauthenticated Requests

OneUptime: Synthetic Monitor RCE via exposed Playwright browser object

Prototype pollution in supermixer

Malicious code in ac-async-helpers (npm)

Malicious code in epxressoo (npm)

Directus API vulnerable to denial of service

tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball

OpenClaw's system.run allowlist approval parsing missed PowerShell encoded-command wrappers

n8n has SQL Injection in Data Table Node via orderByColumn Expression

happy-dom's `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript

Malicious code in yamoney-guidelines (npm)

Malicious code in apple-internal-pki-trust (npm)

Malicious code in apple-internal-security-library-v99 (npm)

Malicious code in archetype-style (npm)

ws affected by a DoS when handling a request with many HTTP headers

node-opensl is malware

frames-compiler downloads Resources over HTTP

@tootallnate/once vulnerable to Incorrect Control Flow Scoping

OpenClaw's voice-call Twilio webhook replay could bypass manager dedupe because normalized event IDs were randomized per parse

ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution

Code injection in blamer

Malicious code in gop_status_frontend (npm)

Prototype Pollution in deep.assign

OpenClaw has incomplete IPv4 special-use SSRF blocking in web fetch guard

LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

Directory Traversal in fast-http-cli

Fonoster is vulnerable to directory traversal

Malicious code in bfs-hello-world (npm)

Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions

Sandbox escape via infinite recursion and error objects

Malicious code in bfvcjmwgayetoizd (npm)

Malicious code in o-typography (npm)

Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Malicious code in gunbazaar (npm)

Malicious code in log5j-v2 (npm)

Malicious code in energy-portal (npm)

OpenClaw has an exec allowlist bypass via command substitution/backticks inside double quotes

Imperative CLI vulnerable to Command Injection

XSS in the `altField` option of the Datepicker widget in jquery-ui

Malicious code in appboy (npm)

Directory traversal in rollup-plugin-server

Denial of Service vulnerability in @podium/layout and @podium/proxy

OpenClaw: Host exec environment overrides miss proxy, TLS, Docker, and Git TLS controls

Heap-based Buffer Overflow in sqlite-vec

Malicious code in opti-distube (npm)

Malicious code in ts-jest-starter-kit (npm)

Malicious code in hrpdesign (npm)

Malicious code in rxnt-kue (npm)

NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter

Memory exhaustion in SvelteKit remote form deserialization (experimental only)

Malicious code in arm-storsimple8000series (npm)

Access of Resource Using Incompatible Type in Hermes

Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing

Malicious code in 4tj82n (npm)

Malicious code in lovable-react (npm)

Injection in op-browser

Malicious code in indexer-worker-service (npm)

Malicious code in express-v4 (npm)

Malicious code in cscchokidar-next (npm)

Malicious code in a-lbum-do-wnload-avai-lable-file-261573-generations-do7io-mdogom (npm)

Seroval affected by Denial of Service via Deeply Nested Objects

Improper Authentication in react-adal

coursevault-preview has a path traversal due to improper base-directory boundary validation

Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression

OpenClaw: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin

Malicious code in vite-plugin-svgn (npm)

Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)

Malicious code in zeus-me-ops-tool (npm)

Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash

Cross-Site Scripting in sanitize-html

Malicious code in zeus-mex-user-profile (npm)