nteract
38 known vulnerabilities · 1 critical · 0 high
Malicious code in @bmg-web-features/bmg-user-interaction-tracker (npm)
Malicious code in vg-interaction-model (npm)
OpenClaw: Slack interactive callbacks could skip configured sender checks in some shared-workspace flows
OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement
Malicious code in pet-profile-micro-interaction (npm)
OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement
OpenClaw: Browser interaction routes could pivot into local CDP and regain file reads
File upload local preview can run embedded scripts after user interaction
OpenClaw: Sandbox noVNC helper route exposed interactive browser session credentials
OpenClaw has Browser SSRF Policy Bypass via Interaction-Triggered Navigation
Malicious code in @voiceflow/dtos-interact (npm)
Malicious code in interaction-tracing (npm)
Malicious code in interaction-tracing-metrics (npm)
Next.js has cross-site scripting in beforeInteractive scripts with untrusted input
Duplicate Advisory: OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message
OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage
Duplicate Advisory: OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage
Malicious code in cx-hub-interaction-lib (npm)
Malicious code in etherscancontractinteraction (npm)
Malicious code in user-interaction-service (npm)
Malicious code in rt-interactive-card-collection (npm)
Malicious code in twilio-live-interactive-video (npm)
Malicious code in interactive-app (npm)
Malicious code in browser-interaction-time-demo (npm)
Malicious code in browser-interaction-time-utils (npm)
Malicious code in ml-interactive-data-augmentation (npm)
Vercel: Non-interactive mode includes CLI arguments in suggested command output
OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message
Malicious code in cx-hub-interaction-ui-lib (npm)
Malicious code in @antv/g-plugin-dom-interaction (npm)
Malicious code in @antv/g-plugin-mobile-interaction (npm)
Malicious code in @antv/interaction (npm)
Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page
Malicious code in twilio-live-interactive-audio (npm)
Malicious code in framerate-interaction-permissions (npm)
Malicious code in interaction-photos-infinitescroll (npm)