OsVault/npm/ps
npm10 critical

ps

410 known vulnerabilities · 10 critical · 16 high

CVE-2018-16460CRITICAL

ps Enables OS Command Injection

Published Sep 17, 2018
MAL-2024-8639

Malicious code in @diotoborg/soluta-numquam-ipsam (npm)

Published Sep 2, 2024
MAL-2025-190674

Malicious code in @posthog/rrweb-snapshot (npm)

Published Nov 24, 2025
CVE-2016-10622HIGH

nodeschnaps downloads resources over HTTP

Published Feb 18, 2019
CVE-2026-32003

OpenClaw has system.run shell-wrapper env injection via SHELLOPTS/PS4 can bypass allowlist intent (RCE)

Published Mar 3, 2026
MAL-2024-8261

Malicious code in @diotoborg/dolorum-ipsam (npm)

Published Sep 2, 2024
MAL-2026-3284

Malicious code in tinfoil-shops (npm)

Published May 4, 2026
MAL-2024-8371

Malicious code in @diotoborg/ipsa-deleniti-ab (npm)

Published Sep 2, 2024
MAL-2025-2109

Malicious code in lappsec-testpackage (npm)

Published Mar 4, 2025
GHSA-5jg4-p4qw-cgfr

@stablelib/cbor: Stack exhaustion Denial of Service via deeply nested CBOR arrays, maps, or tags

Published Apr 4, 2026
CVE-2024-56159

Astro's server source code is exposed to the public if sourcemaps are enabled

Published Dec 19, 2024
GHSA-4w7w-66w2-5vf9

Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling

Published Apr 6, 2026
CVE-2021-34078HIGH

OS Command Injection in lifion-verify-deps

Published Jun 3, 2022
MAL-2025-49077

Malicious code in zeus-me-ops-tool (npm)

Published Oct 29, 2025
CVE-2024-39008CRITICAL

robinweser fast-loops vulnerable to prototype pollution

Published Jul 1, 2024
CVE-2024-21485MEDIUM

Dash apps vulnerable to Cross-site Scripting

Published Feb 2, 2024
CVE-2018-3739CRITICAL

Denial of Service in https-proxy-agent

Published Jul 27, 2018
CVE-2020-7785CRITICAL

Command injection in node-ps

Published Mar 19, 2021
MAL-2022-1073

Malicious code in appsec-internal-package (npm)

Published Jun 20, 2022
CVE-2023-38695MEDIUM

@simonsmith/cypress-image-snapshothas fix for insecure snapshot file names

Published Aug 1, 2023
MAL-2022-1076

Malicious code in apswap-api (npm)

Published Jun 20, 2022
MAL-2022-2659

Malicious code in eclipse-typescript (npm)

Published Jun 20, 2022
MAL-2022-1071

Malicious code in apps-showcase (npm)

Published Jun 20, 2022
MAL-2022-3193

Malicious code in free-robux-codes-ps4 (npm)

Published Jun 20, 2022
MAL-2025-47100

Malicious code in polkadot-apps (npm)

Published Sep 12, 2025
GHSA-6hw5-45gm-fj88

@fastify/express has a middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons)

Published Apr 16, 2026
GHSA-xphh-5v4r-r3rx

PsiTransfer has Zip Slip Path Traversal via TAR Archive Download

Published Dec 30, 2025
CVE-2021-23391HIGH

Calipso Arbitrary File Write via Archive Extraction (Zip Slip)

Published Jun 8, 2021
CVE-2018-3787HIGH

simplehttpserver allows directory traversal and file listing

Published Sep 6, 2018
MAL-2026-3037

Malicious code in standalone-apps (npm)

Published Apr 25, 2026
MAL-2026-2910

Malicious code in tailwindthml-flips (npm)

Published Apr 15, 2026
MAL-2022-1385

Malicious code in azure-synapse-access-control-samples-js (npm)

Published Jun 20, 2022
CVE-2025-31119

generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework

Published Apr 4, 2025
CVE-2024-31454MEDIUM

PsiTransfer: File integrity violation

Published Apr 5, 2024
CVE-2019-16303CRITICAL

JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0

Published Jun 26, 2020
MAL-2022-1384

Malicious code in azure-synapse-access-control (npm)

Published Jun 20, 2022
MAL-2025-2045

Malicious code in minipay-minidapps (npm)

Published Mar 3, 2025
GHSA-82qx-6vj7-p8m2

OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows

Published Apr 17, 2026
CVE-2025-70058

yapi disables TLS/SSL certificate validation via rejectUnauthorized: false in Axios HTTPS agent

Published Feb 23, 2026
MAL-2022-2657

Malicious code in eclipse-megamovie-build (npm)

Published Jun 20, 2022
MAL-2022-227

Malicious code in @eg-maps/commons (npm)

Published Jun 20, 2022
CVE-2021-34435HIGH

Remote code execution in Eclipse Theia

Published Sep 2, 2021
MAL-2022-235

Malicious code in @epc-apps/edge-lambdas (npm)

Published Jun 20, 2022
GHSA-w85g-3h6x-4xh2

OpenClaw: Image pixel-limit guard can fail open on sips and allow decompression-bomb DoS

Published Apr 3, 2026
GHSA-7rx3-28cr-v5wh

Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry

Published Mar 29, 2026
MAL-2022-5499

Malicious code in ps-brands-assets (npm)

Published Jun 20, 2022
GHSA-2f7j-rp58-mr42

OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients

Published Apr 7, 2026
MAL-2022-5507

Malicious code in pslx (npm)

Published Aug 19, 2022
MAL-2022-642

Malicious code in @tide-web-apps/bert2 (npm)

Published Jun 9, 2022
CVE-2020-28503HIGH

Prototype Pollution in copy-props

Published Jan 6, 2022
MAL-2022-1434

Malicious code in babelpsetreactapp (npm)

Published Aug 19, 2022
CVE-2026-32028

OpenClaw: Discord DM reaction ingress missed dmPolicy/allowFrom checks in restricted setups

Published Mar 3, 2026
GHSA-c4qm-58hj-j6pj

OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation

Published Apr 17, 2026
MAL-2022-5488

Malicious code in proptyps (npm)

Published Aug 19, 2022
MAL-2022-507

Malicious code in @platform-apps/portal-ui (npm)

Published Jul 21, 2022
MAL-2022-508

Malicious code in @platform-apps/ui-logger (npm)

Published Jul 21, 2022
MAL-2022-2444

Malicious code in deps-json-webpack-plugin (npm)

Published Jun 20, 2022
CVE-2018-16493HIGH

Path Traversal in simplehttpserver

Published Feb 7, 2019
MAL-2022-2677

Malicious code in eftpsd (npm)

Published Aug 19, 2022
MAL-2022-2829

Malicious code in eslint-plugin-yandex-maps (npm)

Published Jun 20, 2022
MAL-2022-5055

Malicious code in olbizfdwpskrxcen (npm)

Published Jul 11, 2022
MAL-2022-506

Malicious code in @platform-apps/platform-ui-app (npm)

Published Jul 21, 2022
CVE-2021-38148CRITICAL

Obsidian does not require user confirmation for non-http/https URLs.

Published May 24, 2022
MAL-2022-5506

Malicious code in pseudo-loc-for-signin-widget (npm)

Published Jun 20, 2022
MAL-2023-1027

Malicious code in @ozon-maps/map-sdk (npm)

Published Aug 1, 2023
MAL-2024-7805

Malicious code in httpsflood (npm)

Published Jul 25, 2024
MAL-2024-7890

Malicious code in permenmd-vps (npm)

Published Aug 5, 2024
MAL-2022-684

Malicious code in @uc-maps/test (npm)

Published Jun 20, 2022
MAL-2022-686

Malicious code in @uc-maps/tile-layers.react (npm)

Published Jun 20, 2022
MAL-2022-4593

Malicious code in mimetyps (npm)

Published Aug 19, 2022
MAL-2025-148

Malicious code in 3cx-call-control-apps (npm)

Published Jan 20, 2025
MAL-2022-6938

Malicious code in vipps-stitches (npm)

Published Jun 30, 2022
MAL-2024-7110

Malicious code in @zitterorg/adipisci-ipsum (npm)

Published Jul 4, 2024
CVE-2019-17636HIGH

Insufficient Verification of Data Authenticity in Eclipse Theia

Published Apr 13, 2021
MAL-2022-6627

Malicious code in trading-tips (npm)

Published Sep 26, 2022
MAL-2024-1227

Malicious code in @lbnqduy11805/psychic-waffle (npm)

Published Apr 10, 2024
MAL-2024-7148

Malicious code in @zitterorg/cum-ipsum-beatae (npm)

Published Jul 4, 2024
CVE-2021-41264CRITICAL

UUPSUpgradeable vulnerability in @openzeppelin/contracts

Published Sep 15, 2021
MAL-2024-7250

Malicious code in @zitterorg/iusto-ipsum (npm)

Published Jul 4, 2024
CVE-2017-16191HIGH

Directory Traversal in cypserver

Published Sep 1, 2020
MAL-2022-682

Malicious code in @uc-maps/parcel-shapes (npm)

Published Jun 20, 2022
MAL-2024-7241

Malicious code in @zitterorg/ipsum-nam-facere (npm)

Published Jul 4, 2024
CVE-2022-39202MEDIUM

matrix-appservice-irc vulnerable to IRC mode parameter confusion

Published Sep 15, 2022
CVE-2020-27224CRITICAL

Cross-site Scripting (XSS) in Eclipse Theia

Published Apr 13, 2021
MAL-2024-7333

Malicious code in @zitterorg/psychic-adventure (npm)

Published Jul 4, 2024
MAL-2024-12099

Malicious code in opsgeniewebhook (npm)

Published Dec 23, 2024
MAL-2024-1439

Malicious code in @juiggitea/ipsa-voluptatibus-velit (npm)

Published Jun 3, 2024
MAL-2024-8239

Malicious code in @diotoborg/dolore-magnam-ipsam (npm)

Published Sep 2, 2024
MAL-2024-12087

Malicious code in owncloud-customgroups-dev (npm)

Published Dec 21, 2024
MAL-2024-8372

Malicious code in @diotoborg/ipsa-error (npm)

Published Sep 2, 2024
CVE-2023-38700LOW

matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms

Published Aug 4, 2023
MAL-2024-8379

Malicious code in @diotoborg/ipsum-eaque-quidem (npm)

Published Sep 2, 2024
MAL-2024-1440

Malicious code in @juiggitea/ipsam-laborum-earum (npm)

Published Jun 3, 2024
CVE-2021-23375HIGH

Command Injection in psnode

Published May 6, 2021
CVE-2021-23374HIGH

Command Injection in ps-visitor

Published May 7, 2021
MAL-2023-1044

Malicious code in noblox.js-vps (npm)

Published Aug 2, 2023
CVE-2021-23355MEDIUM

Command Injection in ps-kill

Published Mar 19, 2021
MAL-2025-1564

Malicious code in synapse-contracts (npm)

Published Feb 28, 2025
MAL-2024-8061

Malicious code in react-rps-boilerplate (npm)

Published Aug 28, 2024
MAL-2025-191253

Malicious code in @oku-ui/collapsible (npm)

Published Nov 25, 2025
CVE-2026-4926

path-to-regexp vulnerable to Denial of Service via sequential optional groups

Published Mar 27, 2026
MAL-2022-1419

Malicious code in babelhelspevvuejsxmergeprops (npm)

Published Aug 19, 2022
MAL-2025-278

Malicious code in calypso-build (npm)

Published Jan 21, 2025
MAL-2024-9205

Malicious code in working-today--find-the-simpsons-171-script-roblox-4zlhl1 (npm)

Published Oct 9, 2024
CVE-2025-27789

Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups

Published Mar 11, 2025
MAL-2024-9357

Malicious code in down-lo-ad-now-zip-mp3-93-million-miles-psw9n-wbuosp (npm)

Published Oct 16, 2024
MAL-2025-48474

Malicious code in @upside/flex-common-typescript-lib (npm)

Published Oct 17, 2025
MAL-2024-160

Malicious code in epsilonprotect (npm)

Published Jan 24, 2024
MAL-2022-1111

Malicious code in arm-synapse (npm)

Published Jun 20, 2022
MAL-2026-2611

Malicious code in upstart-lending-status (npm)

Published Apr 12, 2026
MAL-2026-2612

Malicious code in upstart-loan-status (npm)

Published Apr 12, 2026
MAL-2026-2615

Malicious code in upstartadmindashboard- (npm)

Published Apr 12, 2026
MAL-2026-2616

Malicious code in upstartapplicationstatus (npm)

Published Apr 12, 2026
MAL-2026-1253

Malicious code in pear-apps-utils-date (npm)

Published Mar 5, 2026
MAL-2025-286

Malicious code in calypso-url (npm)

Published Jan 21, 2025
CVE-2023-38504HIGH

DoS vulnerability for apps with sockets enabled

Published Jul 27, 2023
MAL-2025-2609

Malicious code in eclipse-tractusx-github-io (npm)

Published Mar 24, 2025
MAL-2025-273

Malicious code in babel-plugin-i18n-calypso (npm)

Published Jan 21, 2025
MAL-2022-233

Malicious code in @epc-apps/api-management-plan (npm)

Published May 16, 2022
CVE-2016-10614HIGH

Downloads Resources over HTTP in httpsync

Published Feb 18, 2019
MAL-2025-2124

Malicious code in safe-apps-list (npm)

Published Mar 4, 2025
MAL-2022-2760

Malicious code in eokpshjadwucgytr (npm)

Published Jul 11, 2022
CVE-2020-14968CRITICAL

RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign

Published Jun 26, 2020
MAL-2025-279

Malicious code in calypso-color-schemes (npm)

Published Jan 21, 2025
MAL-2025-3072

Malicious code in mocha-appscan-reporter (npm)

Published Apr 2, 2025
MAL-2026-2614

Malicious code in upstart.previewcss (npm)

Published Apr 12, 2026
MAL-2026-2613

Malicious code in upstart-offer-container (npm)

Published Apr 12, 2026
MAL-2022-387

Malicious code in @ling-web/psdviewer (npm)

Published Jun 20, 2022
CVE-2020-7749HIGH

Injection and Cross-site Scripting in osm-static-maps

Published May 10, 2021
MAL-2025-3876

Malicious code in codm-lucky-shop-pss (npm)

Published May 16, 2025
MAL-2025-4941

Malicious code in puppeteer-proxy-https (npm)

Published Jun 12, 2025
CVE-2020-36629MEDIUM

SimbCo httpster vulnerable to Path Traversal

Published Dec 25, 2022
MAL-2022-5109

Malicious code in opstimlst (npm)

Published Aug 19, 2022
MAL-2026-2410

Malicious code in @the-coca-cola-company/ngps-global-common-utils (npm)

Published Mar 24, 2026
MAL-2025-48578

Malicious code in mender-snapshot (npm)

Published Oct 24, 2025
CVE-2026-25651

client-certificate-auth Vulnerable to Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect

Published Feb 6, 2026
CVE-2023-22474HIGH

Parse Server option `masterKeyIps` vulnerability to IP spoofing

Published Jan 31, 2023
MAL-2026-2371

Malicious code in merchant-rps (npm)

Published Mar 24, 2026
MAL-2024-7736

Malicious code in crypto-ops (npm)

Published Jul 12, 2024
MAL-2026-2755

Malicious code in devops-debug-tool-ctf (npm)

Published Apr 16, 2026
CVE-2020-7716CRITICAL

Prototype Pollution in deeps

Published May 6, 2021
MAL-2024-8479

Malicious code in @diotoborg/nostrum-nostrum-ipsum (npm)

Published Sep 2, 2024
MAL-2022-6385

Malicious code in synapse-managed-private-endpoints (npm)

Published Jun 20, 2022
MAL-2022-6840

Malicious code in usaa-expand-collapse (npm)

Published Jun 20, 2022
MAL-2022-7179

Malicious code in wixapps (npm)

Published Jun 20, 2022
MAL-2022-6598

Malicious code in tochka-cyclops-api (npm)

Published Jun 20, 2022
MAL-2022-6815

Malicious code in ups_node (npm)

Published Jun 20, 2022
CVE-2023-40178MEDIUM

@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError

Published Aug 21, 2023
CVE-2020-4072MEDIUM

Log Forging in generator-jhipster-kotlin

Published Jun 25, 2020
MAL-2022-6188

Malicious code in snapshot-hub (npm)

Published Jun 20, 2022
MAL-2024-10992

Malicious code in onboarding-ops (npm)

Published Nov 27, 2024
MAL-2022-1075

Malicious code in appsuite-mailvelope (npm)

Published Jun 20, 2022
MAL-2022-1097

Malicious code in arm-appservice (npm)

Published Jun 20, 2022
CVE-2019-5480MEDIUM

Path Traversal in statichttpserver

Published Sep 4, 2019
CVE-2022-39263MEDIUM

Upstash Adapter missing token verification

Published Sep 30, 2022
MAL-2022-6382

Malicious code in synapse-access-control (npm)

Published Jun 20, 2022
MAL-2025-2198

Malicious code in vscode-ps1 (npm)

Published Mar 5, 2025
CVE-2022-29166HIGH

Improper handling of multiline messages in node-irc affects matrix-appservice-irc

Published May 23, 2022
MAL-2022-6383

Malicious code in synapse-access-control-1 (npm)

Published Jun 20, 2022
MAL-2025-48286

Malicious code in mshops-web-metrics-components (npm)

Published Oct 10, 2025
MAL-2025-5005

Malicious code in vscode-azurecontainerapps (npm)

Published Jun 17, 2025
MAL-2026-2720

Malicious code in aca-review-apps (npm)

Published Apr 16, 2026
MAL-2026-2984

Malicious code in @bmg-web/bmg-collapse (npm)

Published Apr 22, 2026
MAL-2022-6384

Malicious code in synapse-artifacts (npm)

Published Jun 20, 2022
MAL-2022-679

Malicious code in @uc-maps/geospatial (npm)

Published Jun 20, 2022
MAL-2022-4560

Malicious code in mergeseekrangegaps (npm)

Published Jun 20, 2022
MAL-2025-240

Malicious code in slack-opsgenie-alert-creator (npm)

Published Jan 20, 2025
MAL-2022-1912

Malicious code in cl.i-psinner (npm)

Published Aug 19, 2022
GHSA-cjmm-f4jc-qw8r

DOMPurify ADD_ATTR predicate skips URI validation

Published Apr 3, 2026
MAL-2022-5500

Malicious code in ps-cart-recovery (npm)

Published Jun 20, 2022
MAL-2022-5092

Malicious code in open-xchange-appsuite-spamexperts (npm)

Published Jun 20, 2022
MAL-2022-5107

Malicious code in opsgenie-connectwise-integration (npm)

Published Sep 7, 2022
CVE-2022-40440MEDIUM

mxGraph vulnerable to cross-site scripting in setTooltips function

Published Oct 12, 2022
MAL-2022-4480

Malicious code in maps-theme (npm)

Published Jun 20, 2022
GHSA-jp4j-q5fc-58gv

OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement

Published Mar 31, 2026
MAL-2022-5508

Malicious code in pstbssfpresetenv (npm)

Published Aug 19, 2022
MAL-2025-359

Malicious code in collapsible-group (npm)

Published Jan 23, 2025
MAL-2022-230

Malicious code in @epc-apps/alert-servie (npm)

Published May 16, 2022
MAL-2022-231

Malicious code in @epc-apps/api-generic-plan (npm)

Published May 16, 2022
MAL-2022-232

Malicious code in @epc-apps/api-ingestor (npm)

Published May 16, 2022
MAL-2022-6386

Malicious code in synapse-monitoring (npm)

Published Jun 20, 2022
MAL-2022-6387

Malicious code in synapse-spark (npm)

Published Jun 20, 2022
MAL-2026-724

Malicious code in https-emailjs (npm)

Published Feb 4, 2026
MAL-2022-7233

Malicious code in wp-calypso (npm)

Published Jun 20, 2022
MAL-2022-680

Malicious code in @uc-maps/layer-select.react (npm)

Published Jun 20, 2022
MAL-2022-683

Malicious code in @uc-maps/provider-google.react (npm)

Published Jun 20, 2022
MAL-2022-685

Malicious code in @uc-maps/test1 (npm)

Published Jun 20, 2022
MAL-2022-7355

Malicious code in ymaps-host-configs (npm)

Published Jun 20, 2022
MAL-2022-6476

Malicious code in test-depss (npm)

Published Jun 8, 2022
MAL-2025-4549

Malicious code in @stepstone-genesis/components (npm)

Published May 24, 2025
MAL-2025-4556

Malicious code in eshops-components-library (npm)

Published May 27, 2025
MAL-2022-234

Malicious code in @epc-apps/api-outages (npm)

Published May 16, 2022
CVE-2018-16478MEDIUM

Path Traversal in simplehttpserver

Published Dec 6, 2018
MAL-2025-4404

Malicious code in sps (npm)

Published May 23, 2025
MAL-2022-681

Malicious code in @uc-maps/maps.react (npm)

Published Jun 20, 2022
MAL-2023-278

Malicious code in dow-load-prisoners-of-geography-ten-maps-that-explain-everything-about-the-world-by-tim-ma (npm)

Published May 10, 2023
MAL-2022-2658

Malicious code in eclipse-tslint (npm)

Published Jun 20, 2022
MAL-2025-47103

Malicious code in snapshot-vks (npm)

Published Sep 12, 2025
MAL-2025-4859

Malicious code in ohhttpstubs (npm)

Published Jun 10, 2025
GHSA-533q-w4g6-5586

PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart

Published Apr 16, 2026
MAL-2025-48612

Malicious code in ajna-rewards-snapshot (npm)

Published Oct 26, 2025
MAL-2022-6951

Malicious code in vkwzriqpsabdfhnc (npm)

Published Jul 12, 2022
MAL-2025-2465

Malicious code in homeappserver (npm)

Published Mar 17, 2025
MAL-2024-11945

Malicious code in build-onchain-apps (npm)

Published Dec 19, 2024
MAL-2022-3416

Malicious code in googleaips (npm)

Published Aug 19, 2022
GHSA-x2m8-53h4-6hch

OpenClaw: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps

Published Apr 3, 2026
MAL-2022-3705

Malicious code in httpsrver (npm)

Published Aug 19, 2022
MAL-2022-3706

Malicious code in httpstatuscoxes (npm)

Published Aug 19, 2022
CVE-2022-3971MEDIUM

Matrix-appservice-irc vulnerable to sql injection via roomIds argument

Published Nov 13, 2022
MAL-2026-1525

Malicious code in peer-deps-external (npm)

Published Mar 16, 2026
CVE-2018-3716MEDIUM

Stored Cross-Site Scripting in simplehttpserver

Published Jul 26, 2018
MAL-2024-11184

Malicious code in dcapps-cli (npm)

Published Dec 3, 2024
MAL-2022-4479

Malicious code in maps-api-for-javascript (npm)

Published Aug 2, 2022
GHSA-mwp6-j9wf-968c

Critical severity vulnerability that affects generator-jhipster

Published Sep 13, 2019
MAL-2024-1190

Malicious code in hydrogen-sfdgspsdmq-test1 (npm)

Published Apr 3, 2024
MAL-2024-7958

Malicious code in frontend-static-props-provider (npm)

Published Aug 7, 2024
MAL-2022-3148

Malicious code in free-fortnite-skins-app-ps4 (npm)

Published Jun 20, 2022
MAL-2022-5504

Malicious code in ps-validations (npm)

Published Jun 20, 2022
MAL-2024-8375

Malicious code in @diotoborg/ipsam-ad (npm)

Published Sep 2, 2024
MAL-2022-7305

Malicious code in xyz-maps-core (npm)

Published Jun 20, 2022
MAL-2025-1624

Malicious code in rpsreadserv (npm)

Published Feb 28, 2025
MAL-2025-3075

Malicious code in niji-react-collapsible (npm)

Published Apr 2, 2025
MAL-2024-8374

Malicious code in @diotoborg/ipsa-ratione (npm)

Published Sep 2, 2024
CVE-2023-38691MEDIUM

matrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs

Published Aug 4, 2023
MAL-2022-7295

Malicious code in xpsaht (npm)

Published Aug 19, 2022
MAL-2022-746

Malicious code in @xvideos/apps (npm)

Published Jun 20, 2022
GHSA-wwfp-w96m-c6x8

OpenClaw: Pairing pending-request caps were enforced per channel instead of per account

Published Apr 7, 2026
MAL-2025-6150

Malicious code in apple-psh (npm)

Published Jul 22, 2025
CVE-2024-31453MEDIUM

PsiTransfer: Violation of the integrity of file distribution

Published Apr 5, 2024
MAL-2025-192745

Malicious code in @aa-techops-ui/ping-authentication (npm)

Published Dec 23, 2025
MAL-2026-150

Malicious code in hoppscotch-agent (npm)

Published Jan 8, 2026
MAL-2025-7129

Malicious code in @clickhouse-team/clickhouse-backups-plugin (npm)

Published Aug 14, 2025
MAL-2022-1072

Malicious code in appsec-event-rules-tools (npm)

Published Jun 20, 2022
MAL-2022-1074

Malicious code in appsforhere (npm)

Published Jun 20, 2022
MAL-2023-450

Malicious code in flutter_appsflyer_sdk (npm)

Published Jun 22, 2023
MAL-2023-486

Malicious code in grunt-heremaps-build (npm)

Published Apr 25, 2023
MAL-2025-7975

Malicious code in @frozen-ui/snapshot-serializer (npm)

Published Aug 14, 2025
MAL-2022-157

Malicious code in @bugbounty-automation/deps-json-webpack-plugin (npm)

Published Jun 20, 2022
MAL-2022-3

Malicious code in --legacy-peer-deps (npm)

Published Sep 7, 2022
MAL-2022-3045

Malicious code in findupsnc (npm)

Published Aug 19, 2022
MAL-2022-3730

Malicious code in hx1-upsrv (npm)

Published Jun 20, 2022
MAL-2026-2617

Malicious code in upstartautoretailadmin (npm)

Published Apr 12, 2026
MAL-2026-2618

Malicious code in upstartdr (npm)

Published Apr 12, 2026
MAL-2026-263

Malicious code in @spx-workforceops/shared-vue (npm)

Published Jan 16, 2026
MAL-2023-8721

Malicious code in jupyter-notebook-deps (npm)

Published Dec 19, 2023
MAL-2022-2248

Malicious code in crsosspsawn (npm)

Published Aug 19, 2022
MAL-2022-2299

Malicious code in cyberops-test-package (npm)

Published Jun 20, 2022
MAL-2023-1487

Malicious code in stormapps (npm)

Published Aug 17, 2023
MAL-2024-1438

Malicious code in @juiggitea/ipsa-odit-illo (npm)

Published Jun 3, 2024
MAL-2026-722

Malicious code in express-groups-routes (npm)

Published Feb 4, 2026
MAL-2022-6949

Malicious code in vk-apps-contacts (npm)

Published Jun 20, 2022
MAL-2022-563

Malicious code in @rnps-ppr/gensen-gotham (npm)

Published Jun 20, 2022
MAL-2024-159

Malicious code in epsilonapi (npm)

Published Jan 24, 2024
MAL-2022-2775

Malicious code in epszkyqktamihwbr (npm)

Published Jul 11, 2022
MAL-2023-245

Malicious code in designer-relationships-a-guide-to-happy-monogamy-positive-polyamory-and-optimistic-open-relationship (npm)

Published May 10, 2023
MAL-2023-583

Malicious code in market-apps-list (npm)

Published Jan 9, 2023
MAL-2025-48425

Malicious code in synthetixio-deps-security-notice (npm)

Published Oct 15, 2025
MAL-2025-4999

Malicious code in eslint-plugin-panel-ops (npm)

Published Jun 16, 2025
MAL-2022-293

Malicious code in @gpsu/common (npm)

Published May 31, 2022
MAL-2025-192969

Malicious code in pepsico-ds (npm)

Published Dec 30, 2025
MAL-2022-3605

Malicious code in helm-secrets-sops-driver (npm)

Published Oct 5, 2022
MAL-2026-1009

Malicious code in express-soaps (npm)

Published Feb 24, 2026
MAL-2022-3170

Malicious code in free-fortnite-skins-ps4-no-human-verification (npm)

Published Jun 20, 2022
MAL-2025-2034

Malicious code in com.frl.aepsych (npm)

Published Mar 3, 2025
MAL-2022-373

Malicious code in @jumpstart-ui/utils (npm)

Published Jun 20, 2022
MAL-2026-1087

Malicious code in bps-design-system (npm)

Published Feb 28, 2026
MAL-2022-3182

Malicious code in free-primogems-app-ps4 (npm)

Published Jun 20, 2022
MAL-2026-1199

Malicious code in fps-logger (npm)

Published Mar 3, 2026
MAL-2022-3189

Malicious code in free-robux-apps (npm)

Published Jun 20, 2022
MAL-2022-3190

Malicious code in free-robux-apps-freerobuxgenertor (npm)

Published Jun 20, 2022
MAL-2022-4858

Malicious code in nixpsweb (npm)

Published Jun 20, 2022
MAL-2022-3519

Malicious code in gulpsourcemuaps (npm)

Published Aug 19, 2022
MAL-2022-3521

Malicious code in gulptypscript (npm)

Published Aug 19, 2022
MAL-2025-276

Malicious code in calypso-apps-builder (npm)

Published Jan 21, 2025
MAL-2025-275

Malicious code in calypso-analytics (npm)

Published Jan 21, 2025
MAL-2025-277

Malicious code in calypso-babel-config (npm)

Published Jan 21, 2025
MAL-2026-2575

Malicious code in @ascend-ops/web-client (npm)

Published Apr 13, 2026
MAL-2022-505

Malicious code in @platco/ceps-pc-validation-library (npm)

Published Jun 20, 2022
MAL-2025-4331

Malicious code in data-portal-dwh-apps-fe (npm)

Published May 23, 2025
MAL-2022-4832

Malicious code in nextcloudappstore (npm)

Published Jun 20, 2022
MAL-2022-5091

Malicious code in open-xchange-appsuite (npm)

Published Jun 20, 2022
MAL-2022-5100

Malicious code in opensea-ships-log (npm)

Published Jun 20, 2022
MAL-2022-5108

Malicious code in opsie (npm)

Published May 9, 2022
MAL-2024-8376

Malicious code in @diotoborg/ipsam-atque-eos (npm)

Published Sep 2, 2024
MAL-2022-5482

Malicious code in promohlineupselling (npm)

Published Jul 21, 2022
MAL-2025-4415

Malicious code in utility-capsule (npm)

Published May 23, 2025
MAL-2023-826

Malicious code in sync-https-api (npm)

Published Jun 21, 2023
MAL-2022-625

Malicious code in @techops-ui/ping-authentication (npm)

Published May 31, 2022
MAL-2022-6289

Malicious code in stale-props (npm)

Published Nov 14, 2022
MAL-2022-5199

Malicious code in pakistan_hsudoaps (npm)

Published Jun 20, 2022
MAL-2025-1201

Malicious code in zapier-shops-orders (npm)

Published Feb 3, 2025
MAL-2022-7351

Malicious code in yhps (npm)

Published Jun 20, 2022
MAL-2025-49285

Malicious code in groupstrap (npm)

Published Oct 31, 2025
MAL-2024-7237

Malicious code in @zitterorg/ipsam-deserunt (npm)

Published Jul 4, 2024
MAL-2024-7238

Malicious code in @zitterorg/ipsam-magnam (npm)

Published Jul 4, 2024
MAL-2024-7239

Malicious code in @zitterorg/ipsam-officia (npm)

Published Jul 4, 2024
MAL-2024-7240

Malicious code in @zitterorg/ipsum-magnam (npm)

Published Jul 4, 2024
MAL-2025-5066

Malicious code in vscode-azurestaticwebapps (npm)

Published Jun 17, 2025
MAL-2026-2675

Malicious code in mongoose-stamps (npm)

Published Apr 15, 2026
MAL-2026-3187

Malicious code in apple-appstore-full-library-utility (npm)

Published Apr 29, 2026
MAL-2024-7973

Malicious code in mapbox-maps-android (npm)

Published Aug 7, 2024
MAL-2024-10308

Malicious code in vpsnet-website (npm)

Published Nov 2, 2024
MAL-2022-3036

Malicious code in fin-common-snapshot (npm)

Published Jun 20, 2022
MAL-2023-505

Malicious code in hpsmartstreamforindesigncccrack_7kh (npm)

Published May 9, 2023
MAL-2024-8554

Malicious code in @diotoborg/qui-ullam-ipsum (npm)

Published Sep 2, 2024
MAL-2022-5501

Malicious code in ps-crypt (npm)

Published Jun 20, 2022
MAL-2022-5502

Malicious code in ps-react-bootstrap (npm)

Published Jun 20, 2022
MAL-2022-5503

Malicious code in ps-request-ws (npm)

Published Jun 20, 2022
MAL-2022-3207

Malicious code in free-vbucks-app-ps4 (npm)

Published Jun 20, 2022
MAL-2024-10684

Malicious code in styledcomps (npm)

Published Nov 13, 2024
MAL-2022-3957

Malicious code in iron-collapse (npm)

Published Jul 21, 2022
MAL-2022-564

Malicious code in @rnps-ppr/ppr-gensenjs (npm)

Published Jun 20, 2022
MAL-2025-191309

Malicious code in @sameepsi/sor (npm)

Published Nov 24, 2025
MAL-2026-413

Malicious code in coopshares-webcomponent (npm)

Published Jan 21, 2026
MAL-2025-191564

Malicious code in aps-simple-viewer-nodejs (npm)

Published Dec 1, 2025
MAL-2026-656

Malicious code in jshint-groups (npm)

Published Feb 3, 2026
MAL-2022-5716

Malicious code in record-data-encapsulation-test-app (npm)

Published Jun 20, 2022
MAL-2024-11048

Malicious code in k8s-apps-wordpress (npm)

Published Nov 27, 2024
MAL-2022-5748

Malicious code in remotepshell (npm)

Published Jul 20, 2022
MAL-2025-190967

Malicious code in hyperterm-hipster (npm)

Published Nov 24, 2025
MAL-2025-190999

Malicious code in react-native-google-maps-directions (npm)

Published Nov 24, 2025
MAL-2022-4126

Malicious code in kbn-ui-shared-deps (npm)

Published Jun 20, 2022
MAL-2024-12132

Malicious code in zoomapps-texteditor-vuejs (npm)

Published Dec 26, 2024
MAL-2025-191094

Malicious code in flapstacks (npm)

Published Nov 24, 2025
MAL-2024-1426

Malicious code in @juiggitea/dolorum-temporibus-ipsam (npm)

Published Jun 3, 2024
MAL-2024-11988

Malicious code in gps-gateway-client (npm)

Published Dec 19, 2024
MAL-2022-1219

Malicious code in azps-tools (npm)

Published Jun 20, 2022
MAL-2022-3355

Malicious code in getseekrangegapsfromshakareferences (npm)

Published Jun 20, 2022
MAL-2024-7236

Malicious code in @zitterorg/ipsa-in-aliquam (npm)

Published Jul 4, 2024
MAL-2025-2202

Malicious code in opstooling-js-style (npm)

Published Mar 6, 2025
MAL-2022-3373

Malicious code in github-helpscout-collector (npm)

Published Jun 20, 2022
MAL-2024-7875

Malicious code in boostrapsio (npm)

Published Aug 1, 2024
MAL-2022-6035

Malicious code in servicenow_cicd_azuredevops (npm)

Published Jun 20, 2022
MAL-2024-7997

Malicious code in trips-pwa-localization (npm)

Published Aug 7, 2024
MAL-2022-4221

Malicious code in kpsbwogicxvtfqur (npm)

Published Jul 11, 2022
MAL-2024-8121

Malicious code in @diotoborg/aliquam-dolorum-ipsa (npm)

Published Sep 2, 2024
MAL-2025-280

Malicious code in calypso-config (npm)

Published Jan 21, 2025
MAL-2024-8377

Malicious code in @diotoborg/ipsam-dolores-labore (npm)

Published Sep 2, 2024
MAL-2024-8378

Malicious code in @diotoborg/ipsam-sequi (npm)

Published Sep 2, 2024
MAL-2022-3395

Malicious code in glpsass (npm)

Published Aug 19, 2022
MAL-2024-8535

Malicious code in @diotoborg/psychic-bassoon (npm)

Published Sep 2, 2024
MAL-2024-1456

Malicious code in @juiggitea/nobis-reprehenderit-ipsa-porro (npm)

Published Jun 3, 2024
MAL-2022-6123

Malicious code in simple_cups-handler (npm)

Published Jun 20, 2022
MAL-2025-4112

Malicious code in pumpswap-sdk (npm)

Published May 21, 2025
MAL-2024-9144

Malicious code in entrevista_devops (npm)

Published Oct 9, 2024
MAL-2025-294

Malicious code in dops-components (npm)

Published Jan 21, 2025
MAL-2025-1646

Malicious code in battleships-player (npm)

Published Mar 1, 2025
MAL-2022-5497

Malicious code in ps-asymmetric-crypts (npm)

Published Jun 20, 2022
MAL-2022-5498

Malicious code in ps-bootstrap (npm)

Published Jun 20, 2022
MAL-2022-5505

Malicious code in psaqko (npm)

Published Aug 19, 2022
MAL-2025-4015

Malicious code in reactbootstraps (npm)

Published May 19, 2025
MAL-2025-3196

Malicious code in phpseclib (npm)

Published Apr 9, 2025
MAL-2023-501

Malicious code in hit-makers-the-science-of-popularity-in-an-age-of-distraction-by-derek-thompson-on-ipad-new-version- (npm)

Published May 10, 2023
MAL-2023-698

Malicious code in prisoners-of-geography-ten-maps-that-explain-everything-about-the-world-by-tim-marshall-on-iphone-fu (npm)

Published May 10, 2023
MAL-2022-677

Malicious code in @uc-maps/api.react (npm)

Published Jun 20, 2022
MAL-2025-6193

Malicious code in ppsdkconstants (npm)

Published Jul 22, 2025
MAL-2026-1252

Malicious code in pear-apps-utils-avatar-initials (npm)

Published Mar 5, 2026
MAL-2025-1238

Malicious code in hcpss (npm)

Published Feb 7, 2025
MAL-2026-1555

Malicious code in typescript-vue-apollo-smart-ops (npm)

Published Mar 16, 2026
MAL-2025-3712

Malicious code in eipsend (npm)

Published May 5, 2025
MAL-2024-10701

Malicious code in htp-https (npm)

Published Nov 14, 2024
MAL-2022-678

Malicious code in @uc-maps/boundaries-core.react (npm)

Published Jun 20, 2022
MAL-2026-2619

Malicious code in upstartloans (npm)

Published Apr 12, 2026
MAL-2026-2620

Malicious code in upstartportal (npm)

Published Apr 12, 2026
MAL-2025-288

Malicious code in create-calypso-config (npm)

Published Jan 21, 2025
MAL-2025-3

Malicious code in safe-apps-react-sdk (npm)

Published Jan 2, 2025
MAL-2024-1226

Malicious code in @lbnqduy11805/psychic-journey (npm)

Published Apr 10, 2024
GHSA-xj9w-5r6q-x6v4

OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md

Published Apr 3, 2026
MAL-2025-2772

Malicious code in macappstore (npm)

Published Mar 28, 2025
MAL-2025-3153

Malicious code in htps-curl (npm)

Published Apr 7, 2025
MAL-2022-1952

Malicious code in cmpsitdbgofqnjuk (npm)

Published Jul 11, 2022
MAL-2022-1959

Malicious code in cnqihwetjuapsgkb (npm)

Published Jul 11, 2022
MAL-2022-643

Malicious code in @tide-web-apps/global-environments (npm)

Published Jun 14, 2022
MAL-2022-6494

Malicious code in test-za-sec-psh (npm)

Published Jun 20, 2022
MAL-2024-12151

Malicious code in launchpad6-dev-ops (npm)

Published Dec 27, 2024
MAL-2023-8053

Malicious code in repsol-uikit (npm)

Published Aug 31, 2023
MAL-2023-1009

Malicious code in zoomapps-customlayout-js (npm)

Published Jul 4, 2023
MAL-2022-696

Malicious code in @unpkg-semver/pedops-logger (npm)

Published Jun 20, 2022
MAL-2025-47818

Malicious code in com.unity.2d.psdimporter (npm)

Published Sep 28, 2025
MAL-2025-285

Malicious code in calypso-typescript-config (npm)

Published Jan 21, 2025
MAL-2024-8531

Malicious code in @diotoborg/provident-ipsam (npm)

Published Sep 2, 2024
MAL-2025-4644

Malicious code in https-parse (npm)

Published Jun 3, 2025
MAL-2024-8373

Malicious code in @diotoborg/ipsa-magni-debitis (npm)

Published Sep 2, 2024
MAL-2025-47853

Malicious code in mshops-seo-ui (npm)

Published Sep 26, 2025
MAL-2024-11344

Malicious code in electron_npm_deps (npm)

Published Dec 9, 2024
MAL-2026-336

Malicious code in @cda-apps/source (npm)

Published Jan 19, 2026
MAL-2025-4812

Malicious code in apple-appstore-server-library (npm)

Published Jun 10, 2025
MAL-2026-769

Malicious code in https-servers (npm)

Published Feb 5, 2026
MAL-2025-47969

Malicious code in @pumpswap-sdk4/metadata (npm)

Published Oct 7, 2025
MAL-2026-1642

Malicious code in @upstashed/context7-mcp (npm)

Published Mar 18, 2026
MAL-2025-1656

Malicious code in azps (npm)

Published Mar 1, 2025
MAL-2026-1254

Malicious code in pear-apps-utils-qr (npm)

Published Mar 5, 2026
MAL-2025-191310

Malicious code in @sameepsi/sor2 (npm)

Published Nov 24, 2025
MAL-2026-630

Malicious code in cowsay-allcaps (npm)

Published Feb 2, 2026
MAL-2026-631

Malicious code in cowsay-caps (npm)

Published Feb 2, 2026
MAL-2026-908

Malicious code in hops-preset-jest (npm)

Published Feb 15, 2026
MAL-2025-1476

Malicious code in @idps/contrib-client (npm)

Published Feb 19, 2025
MAL-2025-48765

Malicious code in tps-lookup (npm)

Published Oct 23, 2025
MAL-2025-4958

Malicious code in snapshot-server (npm)

Published Jun 14, 2025
MAL-2026-1969

Malicious code in spstargm (npm)

Published Mar 20, 2026
MAL-2025-281

Malicious code in calypso-doctor (npm)

Published Jan 21, 2025
MAL-2025-282

Malicious code in calypso-e2e (npm)

Published Jan 21, 2025
MAL-2025-283

Malicious code in calypso-eslint-overrides (npm)

Published Jan 21, 2025
MAL-2025-284

Malicious code in calypso-jest (npm)

Published Jan 21, 2025
MAL-2025-3641

Malicious code in psalm (npm)

Published May 6, 2025
MAL-2026-1250

Malicious code in pear-apps-lib-feedback (npm)

Published Mar 5, 2026
MAL-2026-1251

Malicious code in pear-apps-lib-ui-react-hooks (npm)

Published Mar 5, 2026
MAL-2025-70

Malicious code in marked-ps (npm)

Published Jan 12, 2025
MAL-2026-136

Malicious code in npe-toolkit-server-deps (npm)

Published Jan 7, 2026
MAL-2026-249

Malicious code in @flipster/utils (npm)

Published Jan 13, 2026
Check your entire dependency tree at onceRun dependency scan →