playwright

Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate

OneUptime: Synthetic Monitor RCE via exposed Playwright browser object

Microsoft Playwright MCP Server vulnerable to DNS Rebinding Attack; Allows Attackers Access to All Server Tools

Malicious code in eslint-plugin-internal-playwright (npm)

Malicious code in playwright-internal (npm)

Malicious code in playwright-1.48 (npm)

Malicious code in node-js-playwright-browserstack (npm)

Malicious code in accept-a-payment-playwright-testing (npm)

OneUptime has Synthetic Monitor RCE via exposed Playwright browser object

OpenClaw: Strict browser SSRF bypass in Playwright redirect handling leaves private targets reachable

Malicious code in playwright-1.46 (npm)

Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages

Malicious code in buildkite-test-collector-playwright-example (npm)

Malicious code in playwright-coverage (npm)

Malicious code in @frozen-team-qa/ga-store-playwright (npm)

Malicious code in @frozen-team-qa/playwright-components (npm)

Malicious code in @frozen-team-qa/playwright-helpers (npm)

Malicious code in @frozen-team-qa/playwright-slack-reporter (npm)

Malicious code in @frozen-team-qa/playwright-utils (npm)

Malicious code in playwright-1.45 (npm)

Malicious code in playwright-1.47 (npm)

Malicious code in ui-test-playwright (npm)

Malicious code in playwright.dev (npm)

Malicious code in cit-playwright-tests (npm)