images

15 known vulnerabilities · 0 critical · 2 high

images vulnerable to Denial of Service

Published Jul 10, 2024

Astro allows unauthorized third-party images in _image endpoint

Published Aug 19, 2025

evershop allows unauthenticated attackers to exhaust application server's resources via "GET /images" API

Published Jan 5, 2026

MAL-2022-4322

Malicious code in list-images (npm)

Published Jul 21, 2022

evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" API

Published Jan 5, 2026

GHSA-c9h3-5p7r-mrjh

OpenClaw: Discord event cover images bypassed sandbox media normalization

Published Apr 17, 2026

OpenClaw's image tool bypasses tools.fs.workspaceOnly on sandbox mount paths and exfiltrates out-of-workspace images

Published Mar 4, 2026

MAL-2025-1134

Malicious code in images.pages.dev (npm)

Published Feb 3, 2025

grunt-images downloads Resources over HTTP

Published Aug 15, 2018

MAL-2022-544

Malicious code in @qw-app/images (npm)

Published Jun 20, 2022

MAL-2023-519

Malicious code in images-inliner (npm)

Published Jan 30, 2023

MAL-2023-467

Malicious code in gatsby-remark-images-uploadcare (npm)

Published Apr 12, 2023

MAL-2022-3288

Malicious code in gatsby-source-remote-images (npm)

Published Jun 20, 2022

MAL-2022-6726

Malicious code in uber-images (npm)

Published Jul 26, 2022

MAL-2025-190871

Malicious code in @mparpaillon/imagesloaded (npm)

Published Nov 24, 2025

Check your entire dependency tree at onceRun dependency scan →