OsVault/npm/nteract
npm1 critical

nteract

25 known vulnerabilities · 1 critical · 0 high

CVE-2024-22891CRITICAL

Nteract Remote Code Execution vulnerability

Published Mar 1, 2024
MAL-2026-2989

Malicious code in @bmg-web-features/bmg-user-interaction-tracker (npm)

Published Apr 22, 2026
GHSA-536q-mj95-h29h

OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage

Published Apr 17, 2026
CVE-2026-32005

OpenClaw: Slack interactive callbacks could skip configured sender checks in some shared-workspace flows

Published Mar 4, 2026
CVE-2025-59046

interactive-git-checkout has a Command Injection vulnerability

Published Sep 10, 2025
GHSA-6336-qqw9-v6x6

OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message

Published Apr 3, 2026
MAL-2024-1064

Malicious code in pet-profile-micro-interaction (npm)

Published Mar 8, 2024
GHSA-527m-976r-jf79

OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement

Published Apr 17, 2026
GHSA-qmwg-qprg-3j38

OpenClaw: Browser interaction routes could pivot into local CDP and regain file reads

Published Apr 17, 2026
GHSA-8796-gc9j-63rv

File upload local preview can run embedded scripts after user interaction

Published May 17, 2021
GHSA-92jp-89mq-4374

OpenClaw: Sandbox noVNC helper route exposed interactive browser session credentials

Published Apr 17, 2026
GHSA-vr5g-mmx7-h897

OpenClaw has Browser SSRF Policy Bypass via Interaction-Triggered Navigation

Published Apr 9, 2026
MAL-2025-48766

Malicious code in twilio-live-interactive-audio (npm)

Published Oct 23, 2025
GHSA-jp4j-q5fc-58gv

OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement

Published Mar 31, 2026
MAL-2025-191343

Malicious code in @voiceflow/dtos-interact (npm)

Published Nov 25, 2025
MAL-2025-3895

Malicious code in interaction-tracing (npm)

Published May 16, 2025
MAL-2025-3896

Malicious code in interaction-tracing-metrics (npm)

Published May 16, 2025
MAL-2025-6204

Malicious code in user-interaction-service (npm)

Published Jul 22, 2025
MAL-2025-4626

Malicious code in cx-hub-interaction-lib (npm)

Published Jun 2, 2025
MAL-2024-11118

Malicious code in etherscancontractinteraction (npm)

Published Nov 28, 2024
MAL-2025-192974

Malicious code in rt-interactive-card-collection (npm)

Published Dec 30, 2025
MAL-2025-2428

Malicious code in twilio-live-interactive-video (npm)

Published Mar 14, 2025
MAL-2024-9079

Malicious code in interactive-app (npm)

Published Oct 3, 2024
MAL-2024-11845

Malicious code in ml-interactive-data-augmentation (npm)

Published Dec 14, 2024
MAL-2025-48276

Malicious code in cx-hub-interaction-ui-lib (npm)

Published Oct 10, 2025
Check your entire dependency tree at onceRun dependency scan →