OsVault/npm/pg
npm2 critical

pg

115 known vulnerabilities · 2 critical · 6 high

CVE-2017-16082CRITICAL

Remote Code Execution in pg

Published Jul 24, 2018
CVE-2019-15658HIGH

SQL Injection in connect-pg-simple

Published Aug 26, 2019
CVE-2023-30541MEDIUM

OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated

Published Apr 17, 2023
MAL-2026-2991

Malicious code in pgserve (npm)

Published Apr 22, 2026
CVE-2019-9154HIGH

Improper Key Verification in openpgp

Published Aug 23, 2019
CVE-2017-16068HIGH

ffmepg is malware

Published Aug 29, 2018
CVE-2021-21412MEDIUM

[thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values

Published Apr 6, 2021
CVE-2023-49798MEDIUM

OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4

Published Dec 12, 2023
MAL-2022-1016

Malicious code in anpgvytdohnmusxxexicyoojcrmmzvartwuisqqtnaqolfyddhcfkpnrncyc (npm)

Published Jun 20, 2022
MAL-2022-6803

Malicious code in upgrade-challenge (npm)

Published Jun 20, 2022
MAL-2022-6861

Malicious code in usakiedqpgbhyonj (npm)

Published Jul 11, 2022
GHSA-8mpm-q7mh-8fvh

Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing)

Published Mar 18, 2026
MAL-2022-2583

Malicious code in dpgs (npm)

Published Jun 20, 2022
MAL-2022-5044

Malicious code in ojqmdtzpguxshkeb (npm)

Published Jul 11, 2022
MAL-2022-7267

Malicious code in xedvhtkmspgzwkfy (npm)

Published Jul 12, 2022
CVE-2026-1527

Undici has CRLF Injection in undici via `upgrade` option

Published Mar 13, 2026
CVE-2021-41264CRITICAL

UUPSUpgradeable vulnerability in @openzeppelin/contracts

Published Sep 15, 2021
MAL-2024-7397

Malicious code in @zitterorg/upgraded-fishstick (npm)

Published Jul 4, 2024
MAL-2025-191225

Malicious code in @hapheus/n8n-nodes-pgp (npm)

Published Nov 24, 2025
MAL-2022-7152

Malicious code in winston-pg-native (npm)

Published Jun 20, 2022
CVE-2023-41037MEDIUM

Cleartext Signed Message Signature Spoofing in openpgp

Published Aug 29, 2023
MAL-2022-805

Malicious code in abenoypgxdqlmkwk (npm)

Published Jul 11, 2022
MAL-2024-7432

Malicious code in uppgrade (npm)

Published Jul 8, 2024
CVE-2026-25630

survey-pdf Upgraded jsPDF Version Due to Security Vulnerability

Published Feb 4, 2026
MAL-2023-263

Malicious code in django-pgaas (npm)

Published Jan 30, 2023
MAL-2024-8718

Malicious code in dowload_ebok_women_who_run_with_the_wolves_by_clarissa_pinkola_estes_phd_p7pgi (npm)

Published Sep 3, 2024
MAL-2025-48661

Malicious code in dhpgemrdhs92007 (npm)

Published Oct 26, 2025
MAL-2025-48663

Malicious code in dhpgemrdhs92009 (npm)

Published Oct 26, 2025
MAL-2025-48733

Malicious code in ldhpgemrdhs95005 (npm)

Published Oct 26, 2025
MAL-2025-1251

Malicious code in kvpair_db_upgrade (npm)

Published Feb 7, 2025
CVE-2025-29744

pg-promise SQL Injection vulnerability

Published Jun 12, 2025
MAL-2025-48652

Malicious code in dhpgemrdhs51214 (npm)

Published Oct 26, 2025
MAL-2025-48653

Malicious code in dhpgemrdhs60015 (npm)

Published Oct 26, 2025
MAL-2025-48654

Malicious code in dhpgemrdhs60152 (npm)

Published Oct 26, 2025
MAL-2025-48664

Malicious code in dhpgemrdhs92010 (npm)

Published Oct 26, 2025
MAL-2025-48665

Malicious code in dhpgemrdhs92011 (npm)

Published Oct 26, 2025
MAL-2025-48666

Malicious code in dhpgemrdhs92092 (npm)

Published Oct 26, 2025
MAL-2025-48667

Malicious code in dhpgemrdhs94006 (npm)

Published Oct 26, 2025
CVE-2019-9153HIGH

Message Signature Bypass in openpgp

Published Aug 23, 2019
CVE-2015-8013HIGH

OpenPGP 1.2.0 and earlier decrypts arbitrary messages

Published May 17, 2022
MAL-2022-5133

Malicious code in osmwedfvhtpgxzaj (npm)

Published Jul 11, 2022
CVE-2026-32062

OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure

Published Mar 2, 2026
MAL-2022-6400

Malicious code in syzzfpmkizkljkiibpgb (npm)

Published Jun 20, 2022
GHSA-whf9-3hcx-gq54

OpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing

Published Apr 9, 2026
MAL-2022-5851

Malicious code in rqndoxabkthupgik (npm)

Published Jul 11, 2022
MAL-2024-1207

Malicious code in payable-js-ipg-sdk (npm)

Published Apr 8, 2024
MAL-2022-7085

Malicious code in web3-upgrade (npm)

Published Jun 8, 2022
CVE-2025-47934

OpenPGP.js's message signature verification can be spoofed

Published May 19, 2025
GHSA-f44p-c7w9-7xr7

OpenClaw: Gateway WebSocket Denial of Service via unbounded pre-auth upgrades

Published Mar 31, 2026
MAL-2022-2320

Malicious code in dai-pg (npm)

Published Jun 2, 2022
CVE-2022-25852HIGH

pg-native and libpq vulnerable to uncontrolled resource consumption

Published Jun 18, 2022
MAL-2025-3919

Malicious code in solara-upgrade (npm)

Published May 16, 2025
MAL-2025-48659

Malicious code in dhpgemrdhs92004 (npm)

Published Oct 26, 2025
MAL-2025-48660

Malicious code in dhpgemrdhs92006 (npm)

Published Oct 26, 2025
MAL-2025-48717

Malicious code in ldhpgemrdhs51214 (npm)

Published Oct 26, 2025
MAL-2025-48718

Malicious code in ldhpgemrdhs60015 (npm)

Published Oct 26, 2025
MAL-2025-48720

Malicious code in ldhpgemrdhs60214 (npm)

Published Oct 26, 2025
MAL-2025-48721

Malicious code in ldhpgemrdhs79029 (npm)

Published Oct 26, 2025
MAL-2025-48719

Malicious code in ldhpgemrdhs60152 (npm)

Published Oct 26, 2025
MAL-2025-48726

Malicious code in ldhpgemrdhs92007 (npm)

Published Oct 26, 2025
MAL-2025-48727

Malicious code in ldhpgemrdhs92009 (npm)

Published Oct 26, 2025
MAL-2025-48728

Malicious code in ldhpgemrdhs92010 (npm)

Published Oct 26, 2025
MAL-2025-48734

Malicious code in ldhpgemrdhs95006 (npm)

Published Oct 26, 2025
MAL-2023-8167

Malicious code in @spgy/eslint-plugin-spgy-fe (npm)

Published Sep 19, 2023
MAL-2025-48732

Malicious code in ldhpgemrdhs94010 (npm)

Published Oct 26, 2025
MAL-2022-3590

Malicious code in helium-pgbouncer (npm)

Published Jun 20, 2022
MAL-2025-3646

Malicious code in sharpgl (npm)

Published May 6, 2025
MAL-2022-2273

Malicious code in ctijdpgxrhqaknso (npm)

Published Jul 11, 2022
MAL-2022-907

Malicious code in ainruohkpglvwsmj (npm)

Published Jul 11, 2022
MAL-2025-48724

Malicious code in ldhpgemrdhs92004 (npm)

Published Oct 26, 2025
MAL-2025-48725

Malicious code in ldhpgemrdhs92006 (npm)

Published Oct 26, 2025
MAL-2025-48729

Malicious code in ldhpgemrdhs92011 (npm)

Published Oct 26, 2025
MAL-2022-787

Malicious code in @xvideos/upgrade (npm)

Published Jun 20, 2022
MAL-2022-3729

Malicious code in hwzpgf (npm)

Published Jul 20, 2022
MAL-2025-48723

Malicious code in ldhpgemrdhs84006 (npm)

Published Oct 26, 2025
MAL-2022-2222

Malicious code in cpg-nordic (npm)

Published Jun 20, 2022
MAL-2025-48731

Malicious code in ldhpgemrdhs94006 (npm)

Published Oct 26, 2025
MAL-2025-48722

Malicious code in ldhpgemrdhs83600 (npm)

Published Oct 26, 2025
MAL-2023-8505

Malicious code in @tpgroup/tpg-icon-inventory (npm)

Published Nov 10, 2023
MAL-2022-3683

Malicious code in hrdebjywvtkmcpga (npm)

Published Jul 11, 2022
MAL-2022-5312

Malicious code in pg-ng-popover (npm)

Published May 18, 2022
MAL-2024-8015

Malicious code in @pgc-web/web-creation (npm)

Published Aug 11, 2024
MAL-2022-5313

Malicious code in pgifo (npm)

Published Aug 19, 2022
MAL-2022-5314

Malicious code in pgk (npm)

Published Jun 8, 2022
MAL-2022-5315

Malicious code in pgovlicdntbzhskr (npm)

Published Jul 11, 2022
MAL-2022-5316

Malicious code in pgrcizmyxjbefkut (npm)

Published Jul 11, 2022
MAL-2022-5317

Malicious code in pgu (npm)

Published Aug 19, 2022
MAL-2022-5318

Malicious code in pguzvbahliyfwejk (npm)

Published Jul 11, 2022
MAL-2022-3025

Malicious code in fiapgcxeqyotukhz (npm)

Published Jul 11, 2022
MAL-2022-3035

Malicious code in filtetypg (npm)

Published Aug 19, 2022
MAL-2022-5617

Malicious code in rdeepgextend (npm)

Published Aug 19, 2022
MAL-2025-191565

Malicious code in auth-1s7epg (npm)

Published Dec 1, 2025
MAL-2022-5910

Malicious code in sainzpgwflumkdbc (npm)

Published Jul 11, 2022
MAL-2022-4133

Malicious code in kcupgbynzelovifq (npm)

Published Jul 11, 2022
MAL-2024-1208

Malicious code in payable-js-ipg-sdk-suba (npm)

Published Apr 8, 2024
MAL-2022-4202

Malicious code in knmkyipgcltveqdj (npm)

Published Jul 11, 2022
MAL-2022-4226

Malicious code in krmlpgntjfvesahi (npm)

Published Jul 11, 2022
MAL-2022-4245

Malicious code in kxtupghkymwldfic (npm)

Published Jul 11, 2022
MAL-2025-191324

Malicious code in @trackstar/react-trackstar-link-upgrade (npm)

Published Nov 24, 2025
CVE-2021-32659MEDIUM

Automatic room upgrade handling can be used maliciously to bridge a room non-consentually

Published Jun 21, 2021
CVE-2019-9155MEDIUM

Invalid Curve Attack in openpgp

Published Aug 23, 2019
MAL-2022-1776

Malicious code in calc_bx9d74rupg (npm)

Published Jun 20, 2022
MAL-2025-4421

Malicious code in ghpglobaldata (npm)

Published May 25, 2025
MAL-2025-4422

Malicious code in hpglobaldata (npm)

Published May 25, 2025
MAL-2025-48655

Malicious code in dhpgemrdhs60214 (npm)

Published Oct 26, 2025
MAL-2025-48658

Malicious code in dhpgemrdhs84006 (npm)

Published Oct 26, 2025
MAL-2024-12057

Malicious code in upgrade-solara (npm)

Published Dec 19, 2024
MAL-2025-48670

Malicious code in dhpgemrdhs95006 (npm)

Published Oct 26, 2025
MAL-2025-48730

Malicious code in ldhpgemrdhs92092 (npm)

Published Oct 26, 2025
MAL-2026-22

Malicious code in pkg1bate5apg1 (npm)

Published Jan 2, 2026
MAL-2025-48656

Malicious code in dhpgemrdhs79029 (npm)

Published Oct 26, 2025
MAL-2025-48657

Malicious code in dhpgemrdhs83600 (npm)

Published Oct 26, 2025
MAL-2026-81

Malicious code in upgrade-mobile (npm)

Published Jan 6, 2026
MAL-2025-48668

Malicious code in dhpgemrdhs94010 (npm)

Published Oct 26, 2025
MAL-2025-48669

Malicious code in dhpgemrdhs95005 (npm)

Published Oct 26, 2025
Check your entire dependency tree at onceRun dependency scan →