st
1001 known vulnerabilities · 31 critical · 71 high
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
Malicious code in jssdk-infrastructure (npm)
Malicious code in @getstep/sdk (npm)
n8n: Legacy ExecuteWorkflow Node Bypassed File Path Restrictions
Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler
@libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes
n8n: Credential exfiltration via Allowed HTTP Request Domains Bypass
Malicious code in int_pinterest_sfra (npm)
OpenClaw: Untrusted workspace channel shadows could execute during built-in channel setup
Malicious code in sddst-ui (npm)
browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler
vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain
Malicious code in @f2p-mml-frontends/mml-styles (npm)
HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis
Malicious code in @cloudways-lab/unified-design-system (npm)
NodeVM observability builtins leak host process and HTTP request data
Malicious code in email-deliverability-tester (npm)
Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers
Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements
vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE
Malicious code in system-library-gameanalytics-common (npm)
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
@nocobase/database has SQL Injection via String Concatenation through Recursive Eager Loading
browserstack-runner has an unauthenticated arbitrary file read via path traversal in HTTP server
Malicious code in test494 (npm)
React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint
vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter
Malicious code in schibsted-style (npm)
string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS)
steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments
Malicious code in stablecoin-aptos (npm)
Malicious code in @posthog/laudspeaker-plugin (npm)
NodeVM builtin denylist bypass via process and inspector/promises allows host code execution
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`
Malicious code in system-library-gameanalytics-slotanalytics (npm)
React Router has stored XSS via unescaped Location header in prerendered redirect HTML
Unrestricted Upload of File with Dangerous Type in Strapi
FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString
OpenClaude MCP OAuth Callback: State Check Bypass via error Param Leads to DoS
Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm
Malicious code in @browserbasehq/stagehand-docs (npm)
Malicious code in @voiceflow/nestjs-rate-limit (npm)
Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying
AgenticMail API/storage and outbound relay hardening fixes
claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
Malicious code in babel-plugin-standalone (npm)
Strapi: Password Reset Does Not Revoke Existing Refresh Sessions
HAX CMS: Denial of Service using Malicious Import Request
NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability
Missing proper state, nonce and PKCE checks for OAuth authentication
Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials
9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Malicious code in @amber-team/storybook-utils (npm)
Malicious code in aoe_playstyle (npm)
Malicious code in elf-stats-bright-cushion-246 (npm)
Malicious code in dotgov-list (npm)
@grackle-ai/server: Unescaped Error String in renderPairingPage() HTML Template
Malicious code in api-routes-rest (npm)
OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding
Malicious code in elf-stats-merry-chimney-765 (npm)
Malicious code in @diotoborg/dolorum-iste-excepturi (npm)
Malicious code in @diotoborg/eaque-iste (npm)
Malicious code in elf-stats-snowdusted-fireplace-396 (npm)
Malicious code in elf-stats-snowdusted-saddlebag-790 (npm)
OpenClaw has a gateway exec allowlist allow-always bypass via unregistered /usr/bin/script wrapper
Malicious code in zdachboostv3 (npm)
OpenClaw's Zalo group sender allowlist bypass permits unauthorized GROUP dispatch
Malicious code in elf-stats-sparkly-cocoa-863 (npm)
Malicious code in elf-stats-sprucey-snowman-250 (npm)
Malicious code in elf-stats-twinkling-marshmallow-913 (npm)
Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function
Malicious code in elf-stats-wintry-icicle-283 (npm)
Malicious code in @azure-tests/perf-service-bus (npm)
Malicious code in @diotoborg/esse-distinctio-repellat (npm)
Malicious code in elf-stats-frostbitten-reindeer-875 (npm)
Malicious code in elf-stats-ginger-reindeer-411 (npm)
Malicious code in elf-stats-gingersnap-ornament-469 (npm)
Malicious code in elf-stats-glittering-fir-252 (npm)
eivindfjeldstad-dot contains prototype pollution vulnerability
AutoUpdater module fails to validate certain nested components of the bundle
OpenClaw has incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in `!stop` Chat Command via `shell-utils.ts`
Duplicate Advisory: OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state
openclaw-claude-bridge: sandbox is not effective - `--allowed-tools ""` does not restrict available tools
Malicious code in elf-stats-merry-cookiejar-442 (npm)
Malicious code in elf-stats-sleighing-nutcracker-806 (npm)
Malicious code in elf-stats-silvered-star-676 (npm)
Malicious code in elf-stats-snowdusted-lantern-234 (npm)
OpenClaw: Matrix profile config persistence was reachable from operator.write message tools
Malicious code in @t-in-one/save_application_hid_to_storage (npm)
Malicious code in elf-stats-snowdusted-cookiejar-250 (npm)
Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings
Malicious code in elf-stats-candlelit-train-228 (npm)
Duplicate Advisory: OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress
Malicious code in elf-stats-twinkling-bell-867 (npm)
Malicious code in @diotoborg/iste-laborum (npm)
Status Board vulnerable to Cross-Site Scripting before v1.1.82
Malicious code in arm-attestation (npm)
Malicious code in arm-azurestack (npm)
OpenClaw bootstrap setup codes could be replayed to escalate pending pairing scopes before approval
OpenClaw has a IPv6 multicast SSRF classifier bypass
Malicious code in cd-system (npm)
OpenClaw's config env vars allowed startup env injection into service runtime
Malicious code in amazon-testpackage (npm)
Malicious code in @diotoborg/molestiae-doloribus (npm)
Malicious code in elf-stats-caroling-wreath-635 (npm)
Malicious code in @diotoborg/molestiae-maxime (npm)
Malicious code in elf-stats-glittering-cookie-844 (npm)
OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins
Backstage vulnerable to potential reading of SCM URLs using built in token
deepHas vulnerable to Prototype Pollution via constructor.prototype
Malicious code in @cloudplatform-single-spa/static-page (npm)
Malicious code in nextcloud-js-tests (npm)
webpack-dev-server users' source code may be stolen when they access a malicious web site
OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation
Malicious code in string-multiutils (npm)
Malicious code in postcssmipot (npm)
Malicious code in @t-in-one/restore_application_hid_from_storage (npm)
Malicious code in @t-in-one/safe_local_storage_token (npm)
Malicious code in pycodestyle (npm)
Malicious code in style-postprocessor (npm)
Malicious code in privacy-test-pages (npm)
OpenClaw BlueBubbles webhook auth bypass via loopback proxy trust
Malicious code in bitu-staking (npm)
expr-eval does not restrict functions passed to the evaluate function
Malicious code in changelog-utils-structured-logger (npm)
Malicious code in chai-use-test (npm)
Malicious code in codex-devcontainer-install (npm)
Malicious code in customerdigital-service-lib (npm)
Malicious code in elf-stats-shimmering-muffin-598 (npm)
Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover
ApostropheCMS: Information Disclosure via choices/counts Query Parameters Bypassing publicApiProjection Field Restrictions
Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
Astro's server source code is exposed to the public if sourcemaps are enabled
Fastify's connection header abuse enables stripping of proxy-added headers
Strapi Upload Plugin MIME Validation Bypass via Content API
OpenClaw: Node camera URL payload host-binding bypass allowed gateway fetch pivots
Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override
Malicious code in @azure-tests/perf-keyvault-secrets (npm)
Malicious code in web-stories-renderer (npm)
Malicious code in web-stories-wp (npm)
Duplicate Advisory: Signal group allowlist authorization bypass via DM pairing-store leakage
OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf
Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation
OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode
Ghost vulnerable to information disclosure of private API fields
Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`
Malicious code in 0g-storage-contracts (npm)
Malicious code in sovryn-node-integration-tests (npm)
Malicious code in sp-bootstrap (npm)
Directus: Sensitive fields exposed in revision history
Malicious code in sparhandy-speedtest (npm)
Malicious code in seller-listing-service (npm)
Duplicate Advisory: OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients
Malicious code in node-integration-test (npm)
webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence
Pug allows JavaScript code execution if an application accepts untrusted input
Malicious code in usaa-a11y-test (npm)
@fastify/middie vulnerable to middleware authentication bypass in child plugin scopes
steal vulnerable to Prototype Pollution via requestedVersion variable
Malicious code in state.aggregator (npm)
Malicious code in @aia-digital/request-module (npm)
Malicious code in statusim-mobile (npm)
Malicious code in steamdb-browser-extension (npm)
Malicious code in stnylelint-config-tandrad (npm)
Malicious code in storage-blob-changefeed (npm)
Malicious code in storageblob (npm)
Malicious code in stories-carousel (npm)
Malicious code in streamer-market-dashboard (npm)
undici before v5.8.0 vulnerable to CRLF injection in request headers
Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding
Malicious code in stressfault (npm)
Malicious code in stripe-demo-connect-standard-saas-platform (npm)
Malicious code in @azure-tests/perf-monitor-query (npm)
Claude Code can execute commands prior to the startup trust dialog
OpenClaw vulnerable to path traversal (Zip Slip) in archive extraction during explicit installation commands
Malicious code in stylelint-config-monorepo-palantir (npm)
Malicious code in stylis-ifl4 (npm)
Strapi mishandles hidden attributes within admin API responses
Malicious code in stylleint (npm)
OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching)
Backstage Scaffolder plugin vulnerable to Server-Side Request Forgery
Malicious code in suggests (npm)
OpenClaw is Missing Webhook Authentication in Telnyx Provider Allows Unauthenticated Requests
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
happy-dom's `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript
Malicious code in apple-internal-pki-trust (npm)
@stablelib/cbor: Stack exhaustion Denial of Service via deeply nested CBOR arrays, maps, or tags
Malicious code in azure-storage-common-cpp (npm)
Malicious code in super-streams (npm)
ws affected by a DoS when handling a request with many HTTP headers
Malicious code in gop_status_frontend (npm)
LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern
OpenClaw: Host exec environment overrides miss proxy, TLS, Docker, and Git TLS controls
Malicious code in opti-distube (npm)
Memory exhaustion in SvelteKit remote form deserialization (experimental only)
Malicious code in arm-storsimple8000series (npm)
Apostrophe CMS Insufficient Session Expiration vulnerability
Malicious code in @transaction-list/transaction-list-xs (npm)
OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text
Malicious code in @amber-team/stylelint-config (npm)
Malicious code in @azure-tests/perf-storage-blob-track-1 (npm)
OpenClaw: Unicode canonicalization drift in node metadata policy classification could broaden node allowlists
Malicious code in mp3-file-zip-d-ownload-33971-the-imagination-stage-ar0bb-cvzjxl (npm)
google-cloudstorage-commands Command Injection vulnerability
Malicious code in codewhisperer-streaming (npm)
ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint
Malicious code in test-aaa-yyyy-zzz (npm)
Malicious code in test-code-012 (npm)
vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion
OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass
Malicious code in reqstus (npm)
OpenClaw: Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config
Malicious code in test-code-012111 (npm)
Malicious code in test-inherited-attrs (npm)
Malicious code in test-marek-common (npm)
Malicious code in test-npm-mal-kfir (npm)
OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering
Astro development server error page is vulnerable to reflected Cross-site Scripting
Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id
Malicious code in testhackhacks (npm)
Malicious code in testherejson (npm)
Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains
Malicious code in testing-npm-random (npm)
Malicious code in testingtesttencencent (npm)
Malicious code in @globalsearch/productstub (npm)
OpenClaw: Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send
@stablelib/cbor: Prototype poisoning via `__proto__` map keys in CBOR decoding
Malicious code in testmatrix (npm)
Malicious code in testnpmad12 (npm)
Malicious code in testpackagehere (npm)
vm2's Transformer Fast-Path Bypass Exposes Internal State Variable
.eth registrar controller can shorten the duration of registered names
OpenClaw: Slack system events bypass sender authorization in member and message subtype handlers
Malicious code in administracja_reklamowa (npm)
Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association
Websites were able to send any requests to the development server and read the response in vite
Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path
Duplicate Advisory: OpenClaw: stageSandboxMedia destination symlink traversal can overwrite files outside sandbox workspace
Duplicate Advisory: OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf
Malicious code in react-tailwindcss-style (npm)
parse-server's endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user
Duplicate Advisory: OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication
Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands
llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding
Malicious code in @bootstrap-base-nabtrade-design/components (npm)
Malicious code in umbqstxngoajrkpi (npm)
path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability
Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows
Moderate severity vulnerability that affects bootstrap and bootstrap-sass
Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS
OpenClaw's Telegram message_reaction authorization bypass allows unauthorized system-event injection
OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage
Malicious code in starbuckssystem.website (npm)
Downloads Resources over HTTP in selenium-standalone-painful
Duplicate Advisory: OpenClaw: Unbound interpreter and runtime commands could bypass node-host approval integrity
Malicious code in assisted-chat (npm)
OpenClaw has a Matrix allowlist bypass via displayName and cross-homeserver localpart matching
OpenClaw's Trusted-proxy Control UI sessions retain privileged scopes without device identity on device-less allow paths
Malicious code in chai-status (npm)
Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused
@backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint
Malicious code in spaintest1 (npm)
Malicious code in @tanstack/eslint-plugin-start (npm)
Malicious code in @tanstack/vue-start-server (npm)
n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no
Parse Server's custom object ID allows to acquire role privileges
Malicious code in testinghs (npm)
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4
OpenClaw has multiple E2E/test Dockerfiles that run all processes as root
h3 has a Path Traversal via Percent-Encoded Dot Segments in serveStatic Allows Arbitrary File Read
OpenClaw has unbounded memory growth in Zalo webhook via query-string key churn (unauthenticated DoS)
MongoDB Shell may be susceptible to control character injection via pasting
OpenClaw: Unbound bootstrap setup codes allow privilege escalation during pairing
Vulnerability in list function leads to arbitrary code execution via filePath parameters
Dark Reader gives users the ability to request style sheets from local web servers
Malicious code in @wixui/editor-elements-design-systems (npm)
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
Buttercup allows attackers to obtain the hash of the master password
Hono allows bypass of CSRF Middleware by a request without Content-Type header.
Flowise has Authorization Bypass via Spoofed x-request-from Header
Uptime Kuma's Regular Expression in pushdeeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
OpenClaw: Heartbeat owner downgrade missed untrusted webhook wake events
sharp vulnerable to Command Injection in post-installation over build environment
OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode
HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability
tarteaucitron.js allows prototype pollution via custom text injection
Malicious code in @bmw-chris/testmodule-default-frontend (npm)
Astro: Remote allowlist bypass via unanchored matchPathname wildcard
OpenClaw's `tools.exec.safeBins` PATH-hijack allowed trojan binaries to bypass allowlist checks
Cross-Site Scripting in bootstrap-select
Http request which redirect to another hostname do not strip authorization header in @actions/http-client
Duplicate Advisory: OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions
Malicious code in buildstamp-monorepo (npm)
Malicious code in @azure-tests/perf-ai-metrics-advisor (npm)
Malicious code in circonus-statsd-backend (npm)
Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)
Malicious code in @azure-tests/perf-template (npm)
Malicious code in orchestrix (npm)
Malicious code in @fbsystem/figma-graphql (npm)
Malicious code in ethers-wordlist (npm)
Malicious code in encryptte-test (npm)
OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API
Malicious code in azure-storage-blob-changefeed (npm)
Malicious code in @azure-tests/perf-ai-text-analytics (npm)
Malicious code in etn_validator_list (npm)
Malicious code in @boosted-bounty/cassandra-helpers (npm)
Flowise: Path Traversal in Vector Store basePath
React Router has unexpected external redirect via untrusted paths
Malicious code in seacpe-string-regexp (npm)
Malicious code in @harrysforge/number-stepper (npm)
Malicious code in mattermost-webapp-profiling (npm)
Malicious code in construct-burst (npm)
Flowise vulnerable to RCE via Dynamic function constructor injection
Malicious code in boostrapsio (npm)
Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport
Malicious code in @azure-tests/perf-core-rest-pipeline (npm)
Malicious code in qiwi-substrate-monorepo (npm)
Malicious code in test1_l3yx (npm)
OpenClaw: system.run approval identity mismatch could execute a different binary than displayed
Malicious code in angieslist-composed-components (npm)
Malicious code in test4948 (npm)
Malicious code in design-system-base (npm)
Malicious code in angieslist-gulp-build-tasks (npm)
Malicious code in newtestforme1008 (npm)
Malicious code in angieslist-styleguide (npm)
html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)
Malicious code in you-are-a-badass-at-making-money-master-the-mindset-of-wealth-by-jen-sincero-on-mac-new-version- (npm)
Malicious code in @medusajs/analytics-posthog (npm)
AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
Malicious code in angieslist-styles (npm)
Malicious code in pluxee-design-system (npm)
Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability
Malicious code in angular-dev-test (npm)
Multer vulnerable to Denial of Service via unhandled exception from malformed request
Malicious code in eslint-config-scp-custom-rules (npm)
Malicious code in postcss-file-match (npm)
Malicious code in @monokera/react-components-storybook (npm)
Malicious code in bm_pinterest (npm)
Malicious code in eslint-plugin-scp-custom-rules (npm)
Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser
Malicious code in @azure-tests/perf-keyvault-certificates (npm)
Malicious code in api-extractor-test-01 (npm)
Malicious code in storyblok-bridge (npm)
Better Auth affected by external request basePath modification DoS
Malicious code in testhacknowz (npm)
Malicious code in elf-stats-caroling-hammer-382 (npm)
Malicious code in elf-stats-cocoa-workshop-459 (npm)
electerm: electerm_install_script_CommandInjection Vulnerability Report
Malicious code in arm-storsimple1200series (npm)
Malicious code in elf-stats-flickering-satchel-815 (npm)
Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation
OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration
Malicious code in @azure-tests/perf-storage-file-share-track-1 (npm)
OpenClaw: Discord voice manager bypasses channel-level member access allowlist
@fastify/static vulnerable to route guard bypass via encoded path separators
Malicious code in atlas-custom-behaviour (npm)
Malicious code in elf-stats-snowy-candy-850 (npm)
Malicious code in @zitterorg/iusto-iusto-quasi (npm)
Malicious code in @freestarcapital/collector-pipeline (npm)
OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State
Malicious code in athulkrishnan_test_package (npm)
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()
Malicious code in chat-history-log-viewer (npm)
Malicious code in @diotoborg/quis-tempore-distinctio (npm)
Malicious code in elf-stats-mulled-drum-529 (npm)
Malicious code in com.unity.cluster-display (npm)
BrowserStack Local vulnerable to Command Injection through logfile variable
Malicious code in elf-stats-candystriped-chimney-879 (npm)
Malicious code in elf-stats-bright-cocoa-293 (npm)
Malicious code in solana-stable-web-huks (npm)
DbGate has cross site scripting via the SVG Icon String Handler component
Malicious code in elf-stats-candlelit-hollyberry-248 (npm)
OpenClaw: Sandbox staged writes could escape the verified parent directory before commit
Malicious code in ssc-ui-static (npm)
n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks
OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode
Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox
Malicious code in elf-stats-sparkly-hammer-880 (npm)
Malicious code in elf-stats-whimsical-chimney-949 (npm)
Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial
Malicious code in @diotoborg/dolores-iusto (npm)
CleverTap Web SDK is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage
Malicious code in xpack-test-3.0 (npm)
OpenClaw: Memory dreaming config persistence was reachable from operator.write commands
Malicious code in browserstack-utils (npm)
Malicious code in azure-container-registry-samples-ts (npm)
Malicious code in f0-state-holder-duke (npm)
Malicious code in @harvest-finance/harvest-strategy-polygon (npm)
Malicious code in @bane-mlb/less-styles (npm)
OpenClaw: Sandboxed agents could escape exec routing via host=node override
Malicious code in spring-boot-admin-virgil-custom-ui (npm)
Malicious code in elf-stats-twinkling-wishlist-283 (npm)
Malicious code in stateful-fastclick (npm)
Malicious code in stripe-terminal-react-native (npm)
Malicious code in standalone-apps (npm)
OAuth 2.1 Provider: Unprivileged users can register OAuth clients
Malicious code in buildkite-test-collector-cypress-example (npm)
Malicious code in material-start (npm)
steal vulnerable to Regular Expression Denial of Service via input variable
Malicious code in zsbpwebsdktest3 (npm)
Malicious code in exp-core-style (npm)
Malicious code in @apple-pay-trust/start (npm)
Malicious code in @posthog/rrweb (npm)
OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input
Malicious code in @azure-tests/perf-service-bus-track-1 (npm)
OpenClaw: Forged Nostr DMs could create pairing state before signature verification
Malicious code in @apple-pay-trust/validate-merchant (npm)
Malicious code in @asyncapi/java-spring-cloud-stream-template (npm)
Malicious code in automate-loadtest-action (npm)
Malicious code in @apple-pay-trust/merchant-session (npm)
Malicious code in @clearpool/streaming (npm)
Denial of Service vulnerability with large JSON payloads in fastify
Malicious code in bankin_thechnical_test (npm)
Malicious code in @google-pay-trust/authorize-payment (npm)
Malicious code in @bootstrap-base-design/bootstrap-base (npm)
Malicious code in @google-pay-trust/cancelled (npm)
Malicious code in @google-pay-trust/finish (npm)
string-kit Inefficient Regular Expression Complexity vulnerability
OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read
Malicious code in @tw-utils/static (npm)
Malicious code in @oku-ui/toast (npm)
OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose`
Malicious code in stream-chain-xor (npm)
Malicious code in elf-stats-sugarplum-stockpile-238 (npm)
Malicious code in elf-stats-tinsel-pantry-856 (npm)
Nuxt OG Image vulnerable to Server-Side Request Forgery via user-controlled parameters
parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
Malicious code in skills-strategy-client (npm)
Malicious code in elf-stats-cranberry-hollyberry-804 (npm)
Malicious code in react-toast-cold (npm)
Malicious code in elf-stats-nutmeg-stockpile-999 (npm)
steal vulnerable to Prototype Pollution via key variable in babel.js
Malicious code in azure-core-rest-pipeline (npm)
Malicious code in azure-core-rest-pipeline-js (npm)
Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)
OpenClaw: Tlon settings empty-allowlist reconciliation bypassed intended revocation
Malicious code in elf-stats-sprucey-fireplace-355 (npm)
StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service
Malicious code in azure-eventhubs-checkpointstore (npm)
Malicious code in postman-zendesk-support-theme (npm)
Malicious code in elf-stats-marzipan-cocoa-562 (npm)
Duplicate Advisory: OpenClaw's ACP child sessions inherit subagent security envelope constraints
Malicious code in elf-stats-mulled-snowglobe-636 (npm)
OpenClaw: Unrecognized script runners could bypass `system.run` approval integrity
Malicious code in elf-stats-shimmering-garland-476 (npm)
NocoDB Vulnerable to Stored Cross-Site Scripting via Comments and Rich Text Cells
Malicious code in elf-stats-whimsical-pantry-974 (npm)
Malicious code in a-lbum-do-wnload-avai-lable-file-2016-44588-my-wild-west-fzmj0-gpjzue (npm)
OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image
Malicious code in availab-le-alb-um-zip-25931-the-life-aquatic-studio-sessions-mocn6-tnmvnd (npm)
Malicious code in azure-package-name-test (npm)
Malicious code in substrate-faucet (npm)
Malicious code in browserslist-config-usaa (npm)
Malicious code in native-component-list (npm)
Duplicate Advisory: OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects
Malicious code in elf-stats-caroling-sled-530 (npm)
Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL
Malicious code in azure-schema-registry-avro (npm)
JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0
Malicious code in azure-schema-registry-avro-js (npm)
Directus vulnerable to Server-Side Request Forgery On File Import
Malicious code in azure-schema-registry-avro-ts (npm)
Malicious code in azure-schema-registry-js (npm)
Malicious code in elf-stats-joyous-hollyberry-121 (npm)
Malicious code in azure-storage-queue (npm)
Malicious code in blockstream-adapter (npm)
Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend
Malicious code in body-string-rest (npm)
Malicious code in ward-steward (npm)
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
Downloads Resources over HTTP in google-closure-tools-latest
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Malicious code in usaa-qtest-reporter (npm)
OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
Malicious code in bootstrap-base-design (npm)
OpenClaw: Gateway operator.write Can Reach Admin-Class Channel Allowlist Persistence via chat.send
Malicious code in request-js-validator (npm)
Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions
Malicious code in bootstrap-base-managed-designs (npm)
Malicious code in bootstrap-base-nabtrade-design (npm)
Malicious code in azurearctest (npm)
Malicious code in @peter_wilson12091/internal-json-test-parser (npm)
Malicious code in shutterstock-cli (npm)
Malicious code in requestz-promises (npm)
Malicious code in ac-shared-instance (npm)
Malicious code in firestore-types (npm)
Malicious code in @bynder-private/persistgraphql-webpack-plugin (npm)
enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain
Malicious code in bfx-stuff-ui (npm)
Malicious code in bifrostmigrationmonitor (npm)
evershop allows unauthenticated attackers to exhaust application server's resources via "GET /images" API
Malicious code in bootlstap (npm)
OpenClaw: ZIP extraction race could write outside destination via parent symlink rebind
Malicious code in mobile-test-px (npm)
Malicious code in @ch-post-common/common-web-frontend (npm)
Malicious code in cp-area-nao-correntista-fgts-ui (npm)
Malicious code in @tanstack/virtual-file-routes (npm)
Malicious code in network-test-poc (npm)
Malicious code in @uipath/filesystem (npm)
Command Injection via Unsanitized `locate` Output in `versions()` — systeminformation
OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows
OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments
Malicious code in ts-jest-starter-kit (npm)
Malicious code in bamoe-standalone-dmn-editor (npm)
Malicious code in @codahosted/fetlife-assets (npm)
mppx has Stripe charge credential replay via missing idempotency check
Malicious code in baidu-tester (npm)
Malicious code in customprefix-auth (npm)
Malicious code in rxnt-healthchecks-nestjs (npm)
h3: Double Decoding in `serveStatic` Bypasses `resolveDotSegments` Path Traversal Protection via `%252e%252e`
Malicious code in elf-stats-northbound-drum-422 (npm)
Malicious code in dingpengtest-ui (npm)
Malicious code in stormapp765 (npm)
Malicious code in gemini-test (npm)
OpenClaw: `session_status` sessionId resolution bypasses sandboxed session-tree visibility
Malicious code in standard-demo (npm)
Malicious code in @contrast-security-inc/design-system-foundations (npm)
Malicious code in vistar-ad-clienttestadv3 (npm)
Malicious code in elf-stats-candlelit-toy-571 (npm)
Malicious code in aws-solutions-constructs (npm)
Malicious code in elf-stats-evergreen-chimney-857 (npm)
Malicious code in istanbul-reporter-lcov (npm)
Cube Core is vulnerable to Denial of Service (DoS) via crafted request
OpenClaw exec allowlist safeBins short-option bypass could permit arbitrary file write
Next.js: Unbounded next/image disk cache growth can exhaust storage
Malicious code in cdk-fargate-fastautlscaler (npm)
ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction
OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode
Malicious code in @dqwdqwas/testconf (npm)
Malicious code in client-sdk-contract-tests (npm)
Malicious code in clinstestpackage (npm)
Duplicate Advisory: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter
Malicious code in bfx-hf-strategy-perf (npm)
Vulnogram contains a stored cross-site scripting vulnerability in comment hypertext handling
Malicious code in pulse-scroll-triggered-list-items (npm)
Malicious code in coldstone-sls (npm)
Malicious code in @google-pay-trust/init-google-pay (npm)
Malicious code in @design-system-coopeuch/web (npm)
Malicious code in archetype-style (npm)
Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration
Malicious code in post-purchase-bundler (npm)
Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker
LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection
OpenClaw: system.run wrapper-depth boundary could skip shell approval gating
OpenClaw: fetch-guard forwards custom authorization headers across cross-origin redirects
Malicious code in dependency-confusion-art-test2 (npm)
Malicious code in omar-evil-test-rpp (npm)
Duplicate Advisory: OpenClaw's skills-install-download can be redirected outside the tools root by rebinding the validated base path
ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
Malicious code in elf-stats-flickering-lantern-502 (npm)
Malicious code in elf-stats-lanternlit-saddlebag-279 (npm)
Unauthorized npm publish of cline@2.3.0 with modified postinstall script
Malicious code in dynamic-virtualized-list (npm)
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation
OpenClaw's hooks count non-POST requests toward auth lockout
mcp-remote exposed to OS command injection via untrusted MCP server connections
Malicious code in core-guest-spa (npm)
Malicious code in @leviyuan/lodestar (npm)
Malicious code in @antv/l7-district (npm)
Mattermost Desktop App allows the bypass of Transparency, Consent, and Control (TCC) via code injection
Malicious code in hosted-checkout-tutorial (npm)
Malicious code in harmony-enablers-test-2026 (npm)
Malicious code in hpathexists (npm)
Malicious code in @service-suppliers/fetch_suppliers_country_list_action_saga (npm)
Malicious code in @service-suppliers/reset_country_list (npm)
Malicious code in @service-suppliers/set_country_list (npm)
Malicious code in @service-suppliers/set_suppliers_loading_start (npm)
steal vulnerable to Prototype Pollution via alias variable
Malicious code in azure-purview-administration (npm)
OpenClaw: HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS missing from exec env denylist — RCE via build tool env injection (GHSA-cm8v-2vh9-cxf3 class)
Malicious code in paysafe-gbp-virtual-assistant-lib-fe (npm)
Malicious code in sn-internal-test (npm)
Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
Malicious code in logi-bootstrap (npm)
Malicious code in sn-internal-testjgsakjdkjadkjahsdkjad (npm)
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality
Malicious code in loglongakamairequest (npm)
Malicious code in @epc-infra/clinstestpackage (npm)
Malicious code in material-ui-plugin-styles-provider-cache (npm)
OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks
Unsafe plugins can be installed via pack import by tenant admins
Malicious code in mattermost-plugin-docs (npm)
Malicious code in @cloudplatform-single-spa/ml-ai-agents-agent-system (npm)
Malicious code in mattermost-push-proxy (npm)
OpenClaw's MSTeams attachment redirect handling could bypass configured media host allowlists
Malicious code in dreactbvotstrap (npm)
Malicious code in ea-test-helpers (npm)
OpenClaw: Shell init-file options could satisfy exec allowlist script matching
Malicious code in frontend-js-state-web (npm)
Malicious code in ecto-rust-read-f3a9c1 (npm)
oRPC has Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify
Malicious code in starlink2 (npm)
Malicious code in dinesh-dev-nagajikkktest11223qa (npm)
Malicious code in @mlspace/dtransfer-history (npm)
Malicious code in eslint-plugin-mistica-local-rules (npm)
Malicious code in mitui-util-test (npm)
RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests
Malicious code in mephisto-task-compiler (npm)
Malicious code in mephisto-worker-experience (npm)
Cross site scripting Vulnerability in backstage Software Catalog
Malicious code in workflow-postgres-setup (npm)
NocoBase Has SQL Injection via template variable substitution in workflow SQL node
OpenClaw ACP client has permission auto-approval bypass via untrusted tool metadata
n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
Malicious code in astar-portal-test-depconf (npm)
Parse Server vulnerable to LDAP injection via unsanitized user input in DN and group filter construction
Malicious code in private-next-instrumentation-client (npm)
Malicious code in fstream-package-2 (npm)
Malicious code in @achuthvp/postinstall-poc (npm)
URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect
Malicious code in mynewpkgtest (npm)
Malicious code in netlify-testing-stuff (npm)
Malicious code in @listings/energy-labels (npm)
Malicious code in @zimmo/last_search (npm)
Malicious code in chai-utils-test (npm)
Mattermost Desktop App allows for bypassing TCC restrictions on macOS
Malicious code in refocus-sgt-trust1 (npm)
Malicious code in azure-eventhubs-checkpointstore-blob (npm)
Parse Server: MFA recovery code single-use bypass via concurrent requests
Malicious code in elf-stats-aurora-candy-291 (npm)
Malicious code in elf-stats-aurora-garland-513 (npm)
OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")
Malicious code in ashion-ingest (npm)
Malicious code in ibm-strings (npm)
Malicious code in @posthog/gitub-star-sync-plugin (npm)
Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry
Malicious code in @bingads-webui-clientcenter/instrumentation (npm)
Malicious code in restaking-apy-module (npm)
Malicious code in test.reativity.package (npm)
Malicious code in @b2bneo-rest/api-csf (npm)
OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients
Malicious code in elf-stats-aurora-workbench-513 (npm)
Malicious code in elf-stats-sprucey-train-471 (npm)
Malicious code in elf-stats-caroling-mailbag-397 (npm)
Malicious code in azure-schema-registry (npm)
Malicious code in fast-httpx (npm)
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
Malicious code in storage-file-datalake (npm)
Malicious code in sfdc-stream (npm)
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
Malicious code in strip-json-combmentd (npm)
Malicious code in @winstan/binston (npm)
Malicious code in string-parser-utils (npm)
Malicious code in babelpreset4stag3 (npm)
Malicious code in func-analyst (npm)
Malicious code in modernizr-custom (npm)
OpenClaw affected by iMessage remote attachment SCP hardening (strict host-key checks and remoteHost validation)
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Malicious code in @calcalist/fetlife-assets (npm)
OpenClaw improperly parses X-Forwarded-For behind trusted proxies allows client IP spoofing in security decisions
Malicious code in bitpay-rest-client (npm)
Malicious code in testpkgabc (npm)
Malicious code in transform-regexp-constructors (npm)
Malicious code in buffer-auth-test (npm)
Malicious code in test-rule-package (npm)
Malicious code in test-task-react-client (npm)
Malicious code in @azure-tests/perf-keyvault-keys (npm)
Malicious code in testingx (npm)
Malicious code in apth-exists (npm)
Malicious code in argo-hosting-api (npm)
Malicious code in one-question-survey (npm)
Malicious code in vue-test-utils-mic (npm)
Malicious code in clientlib-manifests (npm)
Malicious code in buy-button-storefront (npm)
Malicious code in azure-arm-visualstudio-samples-js-beta (npm)
Malicious code in coldstone-helpers (npm)
Malicious code in @status-waku-voting/contracts (npm)
Malicious code in azure-storage-file-datalake-samples-ts (npm)
Malicious code in azure-storage-file-share (npm)
Malicious code in country-nationality-list (npm)
Duplicate Advisory: OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks
Malicious code in strapi-provider-upload-aws-s3-auth (npm)
OpenClaw has Inconsistent Host Exec Environment Override Sanitization
Malicious code in com.unity.modules.unitywebrequesttexture (npm)
Malicious code in ext-iconv-test (npm)
Malicious code in facebook-nodejs-business-sdk-tests (npm)
Malicious code in vhustlcfimgkwyzq (npm)
Malicious code in chnifdwmostgqvyp (npm)
Malicious code in test2_11931193 (npm)
Malicious code in test-proj-for-myself (npm)
Malicious code in container-registry (npm)
Malicious code in testfromauro (npm)
Malicious code in testingpp (npm)
Vite has an `server.fs.deny` bypass with an invalid `request-target`
Malicious code in ember-tracked-local-storag (npm)
Malicious code in eslint-config-mattermost (npm)
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Malicious code in af-test (npm)
Options structure open to Cross-site Scripting if passed unfiltered
Malicious code in ethereumjstox (npm)
Malicious code in wfs-admin-test (npm)
Malicious code in firstloadedvideopriorityadjuster (npm)
Malicious code in frontend-restclient (npm)
Malicious code in wf-kyt-starter (npm)
Malicious code in wf-kyt-starter-universal (npm)
URIjs Vulnerable to Hostname spoofing via backslashes in URL
Malicious code in instanthangouts (npm)
Malicious code in zsbpwebsdktest (npm)
Malicious code in owa-strings (npm)
@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass
OpenClaw has a CWD `.env` environment variable injection which bypasses host-env policy and allows config takeover
Malicious code in eslint-plugin-elastic-charts (npm)
Duplicate Advisory: OpenClaw's system.run allowlist bypass via shell line-continuation command substitution
Malicious code in arcotest1 (npm)
Malicious code in @nothingfu/test (npm)
Malicious code in discordstream (npm)
OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials
Malicious code in jive-styling-toolkit (npm)
Malicious code in keyvault-mock-attestation (npm)
Malicious code in presto-webui (npm)
Malicious code in com.unity.modules.unitywebrequest (npm)
Malicious code in com.unity.modules.unitywebrequestassetbundle (npm)
Malicious code in @fbsystem/figma-messenger (npm)
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
Malicious code in pingserver-test.01 (npm)
Malicious code in puppeteerrequestinterceptor (npm)
Malicious code in speedtestsolo (npm)
Malicious code in ajaxmanager-custom (npm)
Malicious code in lightweight-store (npm)
HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover
Malicious code in lido-dao-test-dp (npm)
Malicious code in npm-test-bravol33 (npm)
Malicious code in constant-unifi (npm)
OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
Malicious code in lodaschisstring (npm)
Malicious code in purplebricks-administration (npm)
Malicious code in dl-testes (npm)
Malicious code in oci-console-navigation-registry (npm)
Malicious code in statfacepy (npm)
Malicious code in eslint-plugin-foody-custom (npm)
OpenClaw has ReDoS and regex injection via unescaped Feishu mention metadata in RegExp construction
Malicious code in testben (npm)
OpenClaw skills.status could leak secrets to operator.read clients
Malicious code in visual_studio_1_37_1_crack_top_activation_key_latest_2019_win_mac__2rl (npm)
Malicious code in prettier-v3-for-testing (npm)
Duplicate Advisory: OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host
Malicious code in hft-frontend-test (npm)
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests
Malicious code in testing-bounty123 (npm)
Malicious code in firstrunwizard (npm)
Malicious code in ood-listener (npm)
Malicious code in @nexthink/investigations-components (npm)
Malicious code in kbrstore (npm)
Malicious code in vscode-ui5-language-assistant (npm)
Malicious code in dbabelpreetstage1 (npm)
Malicious code in perf-storage-file-share (npm)
Malicious code in eg-clickstream-sdk-js (npm)
Malicious code in vue2-jest (npm)
Malicious code in marketing-jest-cli (npm)
Malicious code in custom-banner-react (npm)
Malicious code in ext-iconv-test-3 (npm)
Malicious code in testing-logger-bush1do-c0de (npm)
Eugeny Tabby Sends Password Despite Host Key Verification Failure
Malicious code in bonded-stablecoin (npm)
Malicious code in astar-portal (npm)
Malicious code in newhistory (npm)
Malicious code in eumetcast-gluing (npm)
Malicious code in brightspot-styleguide (npm)
AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance
Malicious code in sqltest6 (npm)
Malicious code in eslintpwuginjest (npm)
Malicious code in web_enhance_sap-stable (npm)
Malicious code in nespresso-design-system (npm)
Malicious code in lwc-jest-serializer (npm)
Malicious code in npmupload_test-xxxxxxxxxxxxx (npm)
OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup
Malicious code in vue2-amis-custom-widget-kk (npm)
Malicious code in moto-test-int (npm)
Malicious code in zonduutest (npm)
Malicious code in gradient-stringss (npm)
Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries
Malicious code in hoisting-peer-check-child (npm)
Malicious code in instant_verb_tables_roxanne_burns_pdf___hot___uy4 (npm)
Malicious code in world-id-onchain-starter (npm)
NocoDB has Prototype Pollution in Connection Test Endpoint, Leading to DoS
Malicious code in dev-env-bootstrapper (npm)
Malicious code in karma-jasmine-i-request (npm)
Malicious code in reftest-helper (npm)
Malicious code in @diotoborg/distinctio-quaerat (npm)
Malicious code in @diotoborg/eligendi-est-unde (npm)
Malicious code in @diotoborg/enim-molestias (npm)
Malicious code in infrastructure_skypefeedback_tools (npm)
OpenClaw: Windows-compatible env override keys could bypass system.run approval binding
Malicious code in @diotoborg/eum-nostrum (npm)
Malicious code in perf-storage-file-share-track-1 (npm)
Malicious code in zilliqa-testing-library (npm)
OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets
OpenClaw: QMD memory_get restricts reads to canonical or indexed memory paths
Malicious code in crack_vialibera_gestione_contabile_free__qls (npm)
Malicious code in criteo-static-variables-datasource (npm)
Malicious code in launcher-start-page (npm)
Malicious code in @diotoborg/nisi-molestiae (npm)
OpenClaw: Tlon media downloads can bypass core safety limits and exhaust disk
Malicious code in stringjs_lib (npm)
Malicious code in testingsomethingforscanner (npm)
Malicious code in mitui-util-bootstrap (npm)
OpenClaw's system.run approvals did not bind mutable script operands across approval and execution
OpenClaw: `session_status` still bypasses configured `tools.sessions.visibility` for unsandboxed invocations
OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement
Malicious code in stylesheeet (npm)
Malicious code in testapp00009 (npm)
Malicious code in mynewpkgtest2 (npm)
Malicious code in testdir12345 (npm)
Malicious code in manualtestapp (npm)
Malicious code in @incisive/rvtestmodule (npm)
Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM State
Malicious code in monday-react-quickstart-app (npm)
Ghost vulnerable to arbitrary file read via symlinks in content import
Malicious code in onno-missing-2023-full-movies-at-home-streamnig (npm)
Malicious code in incisive_testing_stuffasdasdasd (npm)
Malicious code in @bitsoex/react-design-system (npm)
Mattermost Desktop App exposes sensitive information in its application logs
Malicious code in dow-load-get-your-sht-together-how-to-stop-worrying-about-what-you-should-do-so-you-can-fi (npm)
Malicious code in dow-load-pdf-the-daily-stoic-366-meditations-on-wisdom-perseverance-and-the-art-of-living- (npm)
Malicious code in experimental-entrevista-react-01 (npm)
Malicious code in bitfinex-test (npm)
Malicious code in string-width-aliased (npm)
OpenClaw: Feishu docx upload_file/upload_image Bypasses Workspace-Only Filesystem Policy (GHSA-qf48-qfv4-jjm9 Incomplete Fix)
Malicious code in @visma-spcs-registry/react-common-components (npm)
OpenClaw: stageSandboxMedia destination symlink traversal can overwrite files outside sandbox workspace
Malicious code in mynewpkgtest3 (npm)
Clerk: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host
Malicious code in mytestnpmaskedrisec (npm)
Malicious code in vipps-stitches (npm)
OpenClaw: Endpoint persists after trust decline, leaking gateway credentials
OpenClaw has an unauthorized sender bypass in its stop triggers and /models command authorization
OpenClaw's tools.exec.safeBins generic fallback allowed interpreter-style inline payload execution in allowlist mode
SvelteKit framework has Insufficient CSRF protection for CORS requests
Malicious code in toosting (npm)
Claude Code vulnerable to command execution prior to startup trust dialog
Malicious code in ad-shield-essential-test (npm)
Unrestricted Upload of File with Dangerous Type in blueimp-file-upload
Denial of Service in uap-core when processing crafted User-Agent strings
Malicious code in @wix-ui/editor-elements-design-systems (npm)
Malicious code in do_not_install_this_is_a_test_package_norwegianwood (npm)
Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header
Malicious code in mastercard-postman-encryption-lib (npm)
Malicious code in startrek-client (npm)
Malicious code in mystock-ui (npm)
vm2 has access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL`
Malicious code in schibsted-ufo (npm)
Malicious code in nft-dapp-starter-kit (npm)
Malicious code in test262-runner (npm)
OpenClaw: Gateway plugin HTTP `auth: gateway` widens identity-bearing `operator.read` requests into runtime `operator.write`
Malicious code in @posthog/customerio-plugin (npm)
pnpm vulnerable to Command Injection via environment variable substitution
Malicious code in uniform-reliable-broadcast (npm)
Malicious code in atmos-design-system (npm)
Malicious code in best_gpio_controller (npm)
Malicious code in listing-uss-sdk (npm)
Sync-in Server has a stored cross-site scripting (XSS) vulnerability
Malicious code in com.unity.cloud.gltfast (npm)
Malicious code in distdiscord-v11 (npm)
Malicious code in kinetix-default-token-list (npm)
Malicious code in ascendex-test (npm)
Malicious code in discordstreamings (npm)
Malicious code in telegram-bot-hoster (npm)