st
1000 known vulnerabilities · 33 critical · 89 high
Pug allows JavaScript code execution if an application accepts untrusted input
Malicious code in jssdk-infrastructure (npm)
Malicious code in cd-system (npm)
Malicious code in @getstep/sdk (npm)
Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
linux-cmdline is vulnerable to Prototype Pollution via the constructor
Malicious code in int_pinterest_sfra (npm)
OpenClaw: Untrusted workspace channel shadows could execute during built-in channel setup
Malicious code in sddst-ui (npm)
Malicious code in @f2p-mml-frontends/mml-styles (npm)
Malicious code in dotgov-list (npm)
Malicious code in npm-manifest (npm)
Malicious code in @posthog/rrweb-snapshot (npm)
JOSE vulnerable to resource exhaustion via specifically crafted JWE
@keystone-6/core's NODE_ENV defaults to development with esbuild
Malicious code in email-deliverability-tester (npm)
Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements
fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections
a11y-mcp: Server-Side Request Forgery (SSRF) vulnerability in A11yServer function
ghost vulnerable to unauthorized newsletter modification via improper access controls
Malicious code in system-library-gameanalytics-common (npm)
@nocobase/database has SQL Injection via String Concatenation through Recursive Eager Loading
Malicious code in test494 (npm)
Malicious code in schibsted-style (npm)
Malicious code in @antstackio/shelbysam (npm)
string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS)
steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments
Malicious code in stablecoin-aptos (npm)
Malicious code in @posthog/laudspeaker-plugin (npm)
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`
Malicious code in system-library-gameanalytics-slotanalytics (npm)
Unrestricted Upload of File with Dangerous Type in Strapi
Malicious code in @bingads-webui-clientcenter/instrumentation (npm)
Malicious code in handtalk-test-app (npm)
Malicious code in @browserbasehq/stagehand-docs (npm)
Malicious code in @voiceflow/nestjs-rate-limit (npm)
OpenClaw has system.run shell-wrapper env injection via SHELLOPTS/PS4 can bypass allowlist intent (RCE)
Malicious code in mongodb-stitch-server-testutils (npm)
Malicious code in stream-xor-chain (npm)
Malicious code in chai-status (npm)
Malicious code in babel-plugin-standalone (npm)
Malicious code in pluxee-design-system (npm)
NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability
CouchAuth host header injection vulnerability leaks the password reset token
Missing proper state, nonce and PKCE checks for OAuth authentication
Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials
Malicious code in @amber-team/storybook-utils (npm)
Malicious code in aoe_playstyle (npm)
Malicious code in elf-stats-fuzzy-fir-973 (npm)
Malicious code in elf-stats-rooftop-stockpile-626 (npm)
Malicious code in elf-stats-aurora-candy-291 (npm)
Malicious code in elf-stats-aurora-garland-513 (npm)
Malicious code in elf-stats-aurora-workbench-513 (npm)
Malicious code in elf-stats-bright-cushion-246 (npm)
Malicious code in elf-stats-candlelit-toy-571 (npm)
Malicious code in elf-stats-evergreen-chimney-857 (npm)
Malicious code in elf-stats-evergreen-sled-681 (npm)
Malicious code in elf-stats-flickering-candy-280 (npm)
Malicious code in elf-stats-flickering-fir-572 (npm)
Malicious code in google-storage-cloud (npm)
Malicious code in elf-stats-lanternlit-sled-571 (npm)
Malicious code in elf-stats-merry-chimney-765 (npm)
Malicious code in api-routes-rest (npm)
Malicious code in elf-stats-merry-cookiejar-754 (npm)
Malicious code in elf-stats-merry-cookiejar-915 (npm)
OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding
Malicious code in elf-stats-shimmering-workshop-590 (npm)
Malicious code in @diotoborg/dolorum-iste-excepturi (npm)
Malicious code in elf-stats-silvered-mitten-503 (npm)
Malicious code in elf-stats-snowdusted-bauble-104 (npm)
Malicious code in @diotoborg/eaque-iste (npm)
pnpm vulnerable to Command Injection via environment variable substitution
Malicious code in elf-stats-snowdusted-fireplace-396 (npm)
Malicious code in elf-stats-snowdusted-saddlebag-790 (npm)
OpenClaw has a gateway exec allowlist allow-always bypass via unregistered /usr/bin/script wrapper
OpenClaw's Zalo group sender allowlist bypass permits unauthorized GROUP dispatch
Malicious code in elf-stats-sparkly-cocoa-863 (npm)
Malicious code in elf-stats-sprucey-snowman-250 (npm)
Malicious code in elf-stats-sprucey-train-471 (npm)
Malicious code in elf-stats-twinkling-marshmallow-913 (npm)
Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function
Malicious code in elf-stats-wintry-icicle-283 (npm)
Malicious code in @azure-tests/perf-service-bus (npm)
Malicious code in elf-stats-caroling-mailbag-397 (npm)
Malicious code in @diotoborg/esse-distinctio-repellat (npm)
Malicious code in elf-stats-frostbitten-reindeer-875 (npm)
Malicious code in elf-stats-ginger-reindeer-411 (npm)
Malicious code in elf-stats-gingersnap-ornament-469 (npm)
Malicious code in elf-stats-glittering-fir-252 (npm)
eivindfjeldstad-dot contains prototype pollution vulnerability
Malicious code in elf-stats-glittering-nutcracker-709 (npm)
AutoUpdater module fails to validate certain nested components of the bundle
OpenClaw has incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in `!stop` Chat Command via `shell-utils.ts`
Duplicate Advisory: OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts
OpenClaw: Voice-call still parses large WebSocket frames before start validation (Incomplete fix for CVE-2026-32062)
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state
openclaw-claude-bridge: sandbox is not effective - `--allowed-tools ""` does not restrict available tools
Malicious code in elf-stats-merry-cookiejar-442 (npm)
Malicious code in elf-stats-sleighing-nutcracker-806 (npm)
Malicious code in elf-stats-silvered-star-676 (npm)
Malicious code in elf-stats-snowdusted-lantern-234 (npm)
OpenClaw: Matrix profile config persistence was reachable from operator.write message tools
Malicious code in @t-in-one/save_application_hid_to_storage (npm)
Malicious code in elf-stats-snowdusted-cookiejar-250 (npm)
Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings
Malicious code in elf-stats-candlelit-train-228 (npm)
Malicious code in elf-stats-caroling-hammer-382 (npm)
Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS
Malicious code in elf-stats-twinkling-bell-867 (npm)
Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values
Malicious code in @diotoborg/iste-laborum (npm)
Malicious code in elf-stats-cocoa-workshop-459 (npm)
Status Board vulnerable to Cross-Site Scripting before v1.1.82
Malicious code in arm-attestation (npm)
Malicious code in arm-azurestack (npm)
google-cloudstorage-commands Command Injection vulnerability
OpenClaw bootstrap setup codes could be replayed to escalate pending pairing scopes before approval
OpenClaw has a IPv6 multicast SSRF classifier bypass
OpenClaw's config env vars allowed startup env injection into service runtime
Malicious code in amazon-testpackage (npm)
Malicious code in @diotoborg/molestiae-doloribus (npm)
Malicious code in elf-stats-caroling-wreath-635 (npm)
Malicious code in @diotoborg/molestiae-maxime (npm)
Malicious code in elf-stats-glittering-cookie-844 (npm)
OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins
Backstage vulnerable to potential reading of SCM URLs using built in token
deepHas vulnerable to Prototype Pollution via constructor.prototype
OpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get
Malicious code in lappsec-testpackage (npm)
Malicious code in vistar-ad-clienttestadv3 (npm)
webpack-dev-server users' source code may be stolen when they access a malicious web site
OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation
Malicious code in string-multiutils (npm)
Malicious code in system-v11 (npm)
@stablelib/cbor: Stack exhaustion Denial of Service via deeply nested CBOR arrays, maps, or tags
Malicious code in pycodestyle (npm)
Malicious code in style-postprocessor (npm)
OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution
Malicious code in bfx-hf-strategy-perf (npm)
OpenClaw BlueBubbles webhook auth bypass via loopback proxy trust
Malicious code in bitu-staking (npm)
Flowise: Unauthenticated Information Disclosure of OAuth Secrets (Cleartext) via GET Request
Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains
Uptime Kuma's Regular Expression in pushdeeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction
expr-eval does not restrict functions passed to the evaluate function
Malicious code in changelog-utils-structured-logger (npm)
Malicious code in responses-starter-app (npm)
Malicious code in elf-stats-shimmering-muffin-598 (npm)
ApostropheCMS: Information Disclosure via choices/counts Query Parameters Bypassing publicApiProjection Field Restrictions
Astro's server source code is exposed to the public if sourcemaps are enabled
Fastify's connection header abuse enables stripping of proxy-added headers
OpenClaw: Node camera URL payload host-binding bypass allowed gateway fetch pivots
Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override
Malicious code in @azure-tests/perf-keyvault-secrets (npm)
Duplicate Advisory: Signal group allowlist authorization bypass via DM pairing-store leakage
OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf
Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation
OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode
OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send
webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence
Electron: HTTP Response Header Injection in custom protocol handlers and webRequest
Ghost vulnerable to information disclosure of private API fields
Strapi mishandles hidden attributes within admin API responses
Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`
Malicious code in 0g-storage-contracts (npm)
OpenClaw has Inconsistent Host Exec Environment Override Sanitization
Directus: Sensitive fields exposed in revision history
Macro in MathJax running untrusted Javascript within a web browser
OpenClaw's tools.exec.safeBins sort long-option abbreviation bypass can skip exec approval in allowlist mode
OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching)
Malicious code in node-integration-test (npm)
Malicious code in bamoe-standalone-dmn-editor (npm)
@fastify/middie vulnerable to middleware authentication bypass in child plugin scopes
Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg" (untrusted header.alg fallback)
steal vulnerable to Prototype Pollution via requestedVersion variable
Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows
undici before v5.8.0 vulnerable to CRLF injection in request headers
Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding
Malicious code in @azure-tests/perf-monitor-query (npm)
Claude Code can execute commands prior to the startup trust dialog
OpenClaw vulnerable to path traversal (Zip Slip) in archive extraction during explicit installation commands
OpenClaw has command injection via Windows shell fallback in Lobster tool execution
Backstage Scaffolder plugin vulnerable to Server-Side Request Forgery
OpenClaw is Missing Webhook Authentication in Telnyx Provider Allows Unauthenticated Requests
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
OpenClaw's system.run allowlist approval parsing missed PowerShell encoded-command wrappers
happy-dom's `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript
Malicious code in apple-internal-pki-trust (npm)
Malicious code in archetype-style (npm)
ws affected by a DoS when handling a request with many HTTP headers
Malicious code in gop_status_frontend (npm)
LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern
OpenClaw has an exec allowlist bypass via command substitution/backticks inside double quotes
OpenClaw: Host exec environment overrides miss proxy, TLS, Docker, and Git TLS controls
Malicious code in opti-distube (npm)
Malicious code in ts-jest-starter-kit (npm)
Memory exhaustion in SvelteKit remote form deserialization (experimental only)
Malicious code in arm-storsimple8000series (npm)
webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser
fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS)
Apostrophe CMS Insufficient Session Expiration vulnerability
Malicious code in @transaction-list/transaction-list-xs (npm)
OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text
Malicious code in @amber-team/stylelint-config (npm)
Malicious code in @azure-tests/perf-storage-blob-track-1 (npm)
OpenClaw: Unicode canonicalization drift in node metadata policy classification could broaden node allowlists
Malicious code in mp3-file-zip-d-ownload-33971-the-imagination-stage-ar0bb-cvzjxl (npm)
Malicious code in codewhisperer-streaming (npm)
ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint
OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass
Malicious code in reqstus (npm)
OpenClaw: Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config
OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering
Astro development server error page is vulnerable to reflected Cross-site Scripting
Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id
OpenClaw: Mattermost callback dispatch allowed non-allowlisted sender actions
Malicious code in @globalsearch/productstub (npm)
OpenClaw: Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send
@stablelib/cbor: Prototype poisoning via `__proto__` map keys in CBOR decoding
Backstage has a Possible Symlink Path Traversal in Scaffolder Actions
.eth registrar controller can shorten the duration of registered names
OpenClaw: Slack system events bypass sender authorization in member and message subtype handlers
Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association
Websites were able to send any requests to the development server and read the response in vite
Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path
Duplicate Advisory: OpenClaw: stageSandboxMedia destination symlink traversal can overwrite files outside sandbox workspace
Duplicate Advisory: OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf
Malicious code in react-tailwindcss-style (npm)
parse-server's endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user
Duplicate Advisory: OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication
Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands
Unrestricted Upload of File with Dangerous Type in ButterCMS
llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding
path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability
OpenClaw: Workspace `.env` can override the bundled plugin trust root
Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows
Duplicate Advisory: OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens
Moderate severity vulnerability that affects bootstrap and bootstrap-sass
Parse Server has a SQL injection via query field name when using PostgreSQL
OpenClaw's Telegram message_reaction authorization bypass allows unauthorized system-event injection
OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage
Malicious code in deepcoin-test (npm)
Downloads Resources over HTTP in selenium-standalone-painful
Duplicate Advisory: OpenClaw: Unbound interpreter and runtime commands could bypass node-host approval integrity
Malicious code in assisted-chat (npm)
OpenClaw has a Matrix allowlist bypass via displayName and cross-homeserver localpart matching
OpenClaw's Trusted-proxy Control UI sessions retain privileged scopes without device identity on device-less allow paths
directus vulnerable to HTML Injection in Password Reset email to custom Reset URL
Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused
@backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint
n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no
Parse Server's custom object ID allows to acquire role privileges
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4
Multer vulnerable to Denial of Service via memory leaks from unclosed streams
OpenClaw: Config writes could persist resolved ${VAR} secrets to disk
OpenClaw has multiple E2E/test Dockerfiles that run all processes as root
h3 has a Path Traversal via Percent-Encoded Dot Segments in serveStatic Allows Arbitrary File Read
OpenClaw has unbounded memory growth in Zalo webhook via query-string key churn (unauthenticated DoS)
MongoDB Shell may be susceptible to control character injection via pasting
Vulnerability in list function leads to arbitrary code execution via filePath parameters
Dark Reader gives users the ability to request style sheets from local web servers
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
n8n-mcp has authenticated SSRF via instance-URL header in multi-tenant HTTP mode
Buttercup allows attackers to obtain the hash of the master password
Hono allows bypass of CSRF Middleware by a request without Content-Type header.
Flowise has Authorization Bypass via Spoofed x-request-from Header
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
OpenClaw: Heartbeat owner downgrade missed untrusted webhook wake events
sharp vulnerable to Command Injection in post-installation over build environment
OpenClaw's skills-install-download can be redirected outside the tools root by rebinding the validated base path
OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode
HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability
tarteaucitron.js allows prototype pollution via custom text injection
h3: SSE Event Injection via Unsanitized Carriage Return (`\r`) in EventStream Data and Comment Fields (Bypass of CVE Fix)
Malicious code in @bmw-chris/testmodule-default-frontend (npm)
Astro: Remote allowlist bypass via unanchored matchPathname wildcard
OpenClaw's `tools.exec.safeBins` PATH-hijack allowed trojan binaries to bypass allowlist checks
Cross-Site Scripting in bootstrap-select
Http request which redirect to another hostname do not strip authorization header in @actions/http-client
@builder.io/qwik-city Cross-Site Request Forgery vulnerability
Duplicate Advisory: OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions
Malicious code in buildstamp-monorepo (npm)
fastify/websocket vulnerable to uncaught exception via crash on malformed packet
Malicious code in circonus-statsd-backend (npm)
Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)
Malicious code in @azure-tests/perf-template (npm)
Malicious code in orchestrix (npm)
Malicious code in @fbsystem/figma-graphql (npm)
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses
Malicious code in encryptte-test (npm)
OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API
Malicious code in azure-storage-blob-changefeed (npm)
Malicious code in azure-storage-common-cpp (npm)
Malicious code in etn_validator_list (npm)
Malicious code in @boosted-bounty/cassandra-helpers (npm)
Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository
Duplicate Advisory: Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch
Flowise: Path Traversal in Vector Store basePath
OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
React Router has unexpected external redirect via untrusted paths
Malicious code in @harrysforge/number-stepper (npm)
StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens
Malicious code in mattermost-webapp-profiling (npm)
Malicious code in construct-burst (npm)
Flowise vulnerable to RCE via Dynamic function constructor injection
Malicious code in custom-pages-react-boilerplate (npm)
Malicious code in custom-script-vanilla-js (npm)
Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport
@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection
Malicious code in qiwi-substrate-monorepo (npm)
Malicious code in test1_l3yx (npm)
OpenClaw: system.run approval identity mismatch could execute a different binary than displayed
Malicious code in test4948 (npm)
Malicious code in design-system-base (npm)
Malicious code in newtestforme1008 (npm)
html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)
Malicious code in @medusajs/analytics-posthog (npm)
AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
Malicious code in angieslist-styles (npm)
Malicious code in exp-core-style (npm)
Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability
Malicious code in angular-dev-test (npm)
Paperclip: Malicious skills able to exfiltrate and destroy all user data
Multer vulnerable to Denial of Service via unhandled exception from malformed request
Malicious code in postcss-file-match (npm)
Malicious code in @monokera/react-components-storybook (npm)
Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser
Malicious code in @azure-tests/perf-keyvault-certificates (npm)
Malicious code in api-extractor-test-01 (npm)
Better Auth affected by external request basePath modification DoS
LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates
electerm: electerm_install_script_CommandInjection Vulnerability Report
Malicious code in arm-storsimple1200series (npm)
Malicious code in arm-streamanalytics (npm)
Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation
OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration
Malicious code in @azure-tests/perf-storage-file-share-track-1 (npm)
fast-xml-parser has stack overflow in XMLBuilder with preserveOrder
OpenClaw: Discord voice manager bypasses channel-level member access allowlist
@fastify/static vulnerable to route guard bypass via encoded path separators
Malicious code in atlas-custom-behaviour (npm)
repostat: Reflected Cross-Site Scripting (XSS) via repo prop in RepoCard
Malicious code in elf-stats-snowy-candy-850 (npm)
Malicious code in @zitterorg/iusto-iusto-quasi (npm)
@backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks
Malicious code in emilkylandertestnpmpackge (npm)
OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State
XSS vulnerability in GraphQL Playground from untrusted schemas
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()
Malicious code in posthog-docusaurus (npm)
Malicious code in chat-history-log-viewer (npm)
Malicious code in elf-stats-merry-sparkler-742 (npm)
Malicious code in @diotoborg/quis-tempore-distinctio (npm)
Malicious code in elf-stats-mulled-drum-529 (npm)
Malicious code in com.unity.cluster-display (npm)
Duplicate Advisory: OpenClaw: Slack system events bypass sender authorization in member and message subtype handlers
BrowserStack Local vulnerable to Command Injection through logfile variable
Malicious code in elf-stats-candystriped-chimney-879 (npm)
Malicious code in elf-stats-bright-cocoa-293 (npm)
Malicious code in azure-arm-postgresql-flexible-samples-js (npm)
Malicious code in solana-stable-web-huks (npm)
DbGate has cross site scripting via the SVG Icon String Handler component
Bypass of field access control in strapi-plugin-protected-populate
Malicious code in elf-stats-candlelit-hollyberry-248 (npm)
OpenClaw: Sandbox staged writes could escape the verified parent directory before commit
Malicious code in ssc-ui-static (npm)
@fastify/express has a middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons)
n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks
OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode
Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox
Malicious code in elf-stats-sparkly-hammer-880 (npm)
Malicious code in elf-stats-whimsical-chimney-949 (npm)
Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial
Malicious code in @diotoborg/dolores-iusto (npm)
CleverTap Web SDK is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage
OpenClaw: Memory dreaming config persistence was reachable from operator.write commands
Malicious code in browserstack-utils (npm)
Malicious code in azure-container-registry-samples-ts (npm)
Malicious code in f0-state-holder-duke (npm)
Malicious code in @harvest-finance/harvest-strategy-polygon (npm)
Malicious code in @bane-mlb/less-styles (npm)
OpenClaw: Sandboxed agents could escape exec routing via host=node override
Malicious code in elf-stats-twinkling-wishlist-283 (npm)
Malicious code in standalone-apps (npm)
Malicious code in azure-output-customization-samples-ts (npm)
OAuth 2.1 Provider: Unprivileged users can register OAuth clients
Malicious code in buildkite-test-collector-cypress-example (npm)
Malicious code in material-start (npm)
steal vulnerable to Regular Expression Denial of Service via input variable
Malicious code in @apple-pay-trust/start (npm)
Malicious code in @posthog/rrweb (npm)
OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input
generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework
Malicious code in @azure-tests/perf-service-bus-track-1 (npm)
OpenClaw: Forged Nostr DMs could create pairing state before signature verification
Malicious code in @apple-pay-trust/validate-merchant (npm)
Malicious code in @asyncapi/java-spring-cloud-stream-template (npm)
Malicious code in automate-loadtest-action (npm)
Malicious code in @apple-pay-trust/merchant-session (npm)
Malicious code in @clearpool/streaming (npm)
Denial of Service vulnerability with large JSON payloads in fastify
Malicious code in bankin_thechnical_test (npm)
Malicious code in @google-pay-trust/authorize-payment (npm)
Malicious code in @bootstrap-base-design/bootstrap-base (npm)
Malicious code in @google-pay-trust/cancelled (npm)
Malicious code in @google-pay-trust/finish (npm)
Malicious code in @google-pay-trust/init-google-pay (npm)
string-kit Inefficient Regular Expression Complexity vulnerability
Malicious code in aws-solutions-constructs (npm)
Malicious code in transform-regexp-constructors (npm)
OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read
Malicious code in @tw-utils/static (npm)
Malicious code in @oku-ui/toast (npm)
OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose`
Malicious code in stream-chain-xor (npm)
Malicious code in elf-stats-snowdusted-wishlist-166 (npm)
Malicious code in elf-stats-nutmeg-stocking-515 (npm)
Malicious code in elf-stats-snuggly-cookie-673 (npm)
Malicious code in elf-stats-sugarplum-star-404 (npm)
Malicious code in elf-stats-sugarplum-stockpile-238 (npm)
Malicious code in elf-stats-tinsel-pantry-856 (npm)
Nuxt OG Image vulnerable to Server-Side Request Forgery via user-controlled parameters
parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
Malicious code in elf-stats-cranberry-hollyberry-804 (npm)
Malicious code in react-toast-cold (npm)
Malicious code in elf-stats-nutmeg-stockpile-999 (npm)
Malicious code in elf-stats-piney-nightcap-782 (npm)
Malicious code in elf-stats-joyous-hollyberry-121 (npm)
Malicious code in azure-core-rest-pipeline (npm)
Malicious code in azure-core-rest-pipeline-js (npm)
OpenClaw: Tlon settings empty-allowlist reconciliation bypassed intended revocation
Malicious code in elf-stats-sprucey-fireplace-355 (npm)
Malicious code in azure-core-rest-pipeline-ts (npm)
StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service
replicator vulnerable to Deserialization of Untrusted Data
Malicious code in azure-eventhubs-checkpointstore (npm)
Malicious code in elf-stats-marzipan-cocoa-562 (npm)
Malicious code in elf-stats-mulled-snowglobe-636 (npm)
Malicious code in elf-stats-northbound-drum-422 (npm)
OpenClaw: Unrecognized script runners could bypass `system.run` approval integrity
Malicious code in elf-stats-shimmering-garland-476 (npm)
NocoDB Vulnerable to Stored Cross-Site Scripting via Comments and Rich Text Cells
Malicious code in elf-stats-whimsical-pantry-974 (npm)
Malicious code in bitski-quickstart (npm)
OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image
Malicious code in azure-package-name-test (npm)
Malicious code in native-component-list (npm)
Duplicate Advisory: OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects
Malicious code in elf-stats-caroling-sled-530 (npm)
Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL
Malicious code in azure-schema-registry-avro (npm)
JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0
Malicious code in azure-schema-registry-avro-js (npm)
Directus vulnerable to Server-Side Request Forgery On File Import
Malicious code in azure-schema-registry-avro-ts (npm)
Malicious code in azure-schema-registry-js (npm)
Malicious code in azure-storage-queue (npm)
Malicious code in blockstream-adapter (npm)
Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend
Malicious code in body-string-rest (npm)
Malicious code in ward-steward (npm)
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
Downloads Resources over HTTP in google-closure-tools-latest
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Malicious code in bolt-styles (npm)
OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
Malicious code in bootstrap-base-design (npm)
OpenClaw: Gateway operator.write Can Reach Admin-Class Channel Allowlist Persistence via chat.send
Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions
Malicious code in bootstrap-base-managed-designs (npm)
Malicious code in bootstrap-base-nabtrade-design (npm)
Malicious code in azurearctest (npm)
Malicious code in @peter_wilson12091/internal-json-test-parser (npm)
Malicious code in requestz-promises (npm)
Malicious code in standard-demo (npm)
Malicious code in @bynder-private/persistgraphql-webpack-plugin (npm)
enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain
Malicious code in bfx-stuff-ui (npm)
Malicious code in bifrostmigrationmonitor (npm)
evershop allows unauthenticated attackers to exhaust application server's resources via "GET /images" API
Malicious code in bootlstap (npm)
OpenClaw: ZIP extraction race could write outside destination via parent symlink rebind
Malicious code in mobile-test-px (npm)
Malicious code in @ch-post-common/common-web-frontend (npm)
Malicious code in cp-area-nao-correntista-fgts-ui (npm)
Command Injection via Unsanitized `locate` Output in `versions()` — systeminformation
OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows
OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Malicious code in @codahosted/fetlife-assets (npm)
mppx has Stripe charge credential replay via missing idempotency check
TurboBoost Commands vulnerable to arbitrary method invocation
h3: Double Decoding in `serveStatic` Bypasses `resolveDotSegments` Path Traversal Protection via `%252e%252e`
Malicious code in stormapp765 (npm)
OpenClaw: `session_status` sessionId resolution bypasses sandboxed session-tree visibility
Malicious code in @contrast-security-inc/design-system-foundations (npm)
Cube Core is vulnerable to Denial of Service (DoS) via crafted request
OpenClaw exec allowlist safeBins short-option bypass could permit arbitrary file write
Next.js: Unbounded next/image disk cache growth can exhaust storage
OpenClaw `node.pair.approve` placed in `operator.write` scope instead of `operator.pairing` allows unprivileged pairing approval
Malicious code in cdk-fargate-fastautlscaler (npm)
OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode
Malicious code in @dqwdqwas/testconf (npm)
OpenClaw: Forwarding header spoofing bypasses gateway.trustedProxies origin detection
Malicious code in client-sdk-contract-tests (npm)
Malicious code in clinstestpackage (npm)
Duplicate Advisory: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter
basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()
Vulnogram contains a stored cross-site scripting vulnerability in comment hypertext handling
Malicious code in coldstone-sls (npm)
Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration
LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection
OpenClaw: system.run wrapper-depth boundary could skip shell approval gating
Malicious code in comcast.business.web.ui.trident (npm)
OpenClaw: fetch-guard forwards custom authorization headers across cross-origin redirects
Strapi may leak sensitive user information, user reset password, tokens via content-manager views
Malicious code in dependency-confusion-art-test2 (npm)
Duplicate Advisory: OpenClaw's skills-install-download can be redirected outside the tools root by rebinding the validated base path
ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
Unauthorized npm publish of cline@2.3.0 with modified postinstall script
Malicious code in dynamic-virtualized-list (npm)
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation
OpenClaw's hooks count non-POST requests toward auth lockout
qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion
fast-xml-parser vulnerable to Regex Injection via Doctype Entities
Malicious code in hft-frontend-test (npm)
mcp-remote exposed to OS command injection via untrusted MCP server connections
Malicious code in core-guest-spa (npm)
CKEditor5 cross-site scripting vulnerability caused by the editor instance destroying process
Malicious code in npm_test_nothing (npm)
Mattermost Desktop App allows the bypass of Transparency, Consent, and Control (TCC) via code injection
Malicious code in cro-staking (npm)
Malicious code in hosted-checkout-tutorial (npm)
Malicious code in hpathexists (npm)
steal vulnerable to Prototype Pollution via alias variable
Malicious code in azure-purview-administration (npm)
OpenClaw: HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS missing from exec env denylist — RCE via build tool env injection (GHSA-cm8v-2vh9-cxf3 class)
Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
Malicious code in @status-waku-voting/core (npm)
Malicious code in logi-bootstrap (npm)
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality
Malicious code in loglongakamairequest (npm)
Malicious code in @epc-infra/clinstestpackage (npm)
Malicious code in material-ui-plugin-styles-provider-cache (npm)
OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks
Unsafe plugins can be installed via pack import by tenant admins
Malicious code in mattermost-plugin-docs (npm)
Malicious code in mattermost-push-proxy (npm)
OpenClaw's MSTeams attachment redirect handling could bypass configured media host allowlists
Malicious code in dreactbvotstrap (npm)
Malicious code in ea-test-helpers (npm)
Malicious code in @fbsystem/figma-messenger (npm)
oRPC has Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify
Malicious code in starlink2 (npm)
Malicious code in starter-theme (npm)
Malicious code in stasis-adapter (npm)
OpenClaw: PIP_INDEX_URL and UV_INDEX_URL bypass host exec env sanitization and redirect Python package-index traffic
Mattermost Desktop App fails to sufficiently configure Electron Fuses
Malicious code in dinesh-dev-nagajikkktest11223qa (npm)
Malicious code in mitui-util-test (npm)
RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests
Malicious code in mephisto-task-compiler (npm)
Malicious code in mephisto-worker-experience (npm)
Cross site scripting Vulnerability in backstage Software Catalog
SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser
OpenClaw: Shell init-file options could satisfy exec allowlist script matching
NocoBase Has SQL Injection via template variable substitution in workflow SQL node
OpenClaw ACP client has permission auto-approval bypass via untrusted tool metadata
n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
Malicious code in astar-portal-test-depconf (npm)
Parse Server vulnerable to LDAP injection via unsanitized user input in DN and group filter construction
Malicious code in msal-react-quickstart (npm)
Malicious code in fstream-package-2 (npm)
URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect
Malicious code in mynewpkgtest (npm)
Malicious code in netlify-testing-stuff (npm)
Malicious code in new-random-test (npm)
Duplicate Advisory: Nest has a Fastify URL Encoding Middleware Bypass
@grackle-ai/server: Unescaped Error String in renderPairingPage() HTML Template
Mattermost Desktop App allows for bypassing TCC restrictions on macOS
Malicious code in qs-state-visualizer (npm)
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments
Malicious code in kbrstore (npm)
Malicious code in azure-eventhubs-checkpointstore-blob (npm)
Malicious code in kiota-abstractions (npm)
Parse Server: MFA recovery code single-use bypass via concurrent requests
OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")
Malicious code in list-images (npm)
Malicious code in ashion-ingest (npm)
Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry
Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header
OpenClaw MS Teams inbound attachment downloader leaks bearer tokens to allowlisted suffix domains
OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients
Malicious code in azure-schema-registry-ts (npm)
Duplicate Advisory: OpenClaw's system.run allowlist bypass via shell line-continuation command substitution
Malicious code in azure-schema-registry (npm)
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
Malicious code in storage-file-datalake (npm)
Malicious code in sfdc-stream (npm)
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
Malicious code in strip-json-combmentd (npm)
Malicious code in babelpreset4stag3 (npm)
Malicious code in modernizr-custom (npm)
Malicious code in son-stringiy-safe (npm)
Malicious code in sncicd-tests-run (npm)
OpenClaw affected by iMessage remote attachment SCP hardening (strict host-key checks and remoteHost validation)
@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Malicious code in @calcalist/fetlife-assets (npm)
OpenClaw improperly parses X-Forwarded-For behind trusted proxies allows client IP spoofing in security decisions
Malicious code in astrajs (npm)
Malicious code in bitpay-rest-client (npm)
Malicious code in testpkgabc (npm)
Malicious code in test-code-012111 (npm)
Malicious code in @transaction-history/ui-components (npm)
Malicious code in mynewpkgtest1 (npm)
Malicious code in buffer-auth-test (npm)
Malicious code in test-rule-package (npm)
Malicious code in test-task-react-client (npm)
Malicious code in @azure-tests/perf-keyvault-keys (npm)
Malicious code in testingx (npm)
Malicious code in apth-exists (npm)
Malicious code in argo-hosting-api (npm)
Malicious code in aws-ms-deploy-assistant (npm)
Malicious code in azure-arm-storagecache-samples-js (npm)
Malicious code in azure-arm-storageimportexport-samples-js (npm)
Malicious code in azure-arm-storageimportexport-samples-ts (npm)
Malicious code in one-question-survey (npm)
Malicious code in vue-test-utils-mic (npm)
Malicious code in clientlib-manifests (npm)
Malicious code in parcel-plugin-test (npm)
Malicious code in buy-button-storefront (npm)
Malicious code in azure-arm-visualstudio-samples-js-beta (npm)
Malicious code in coldstone-helpers (npm)
Malicious code in azure-storage-blob (npm)
Malicious code in @status-waku-voting/contracts (npm)
Malicious code in azure-storage-file-datalake-samples-ts (npm)
Malicious code in azure-storage-file-share (npm)
Malicious code in country-nationality-list (npm)
@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
Duplicate Advisory: OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks
Malicious code in strapi-provider-upload-aws-s3-auth (npm)
Malicious code in com.unity.modules.unitywebrequesttexture (npm)
Malicious code in bluejeans-api-rest-meetings (npm)
Malicious code in ext-iconv-test (npm)
Malicious code in facebook-nodejs-business-sdk-tests (npm)
Malicious code in streamer-market-dashboard (npm)
Malicious code in vhustlcfimgkwyzq (npm)
OpenClaw: Feishu thread history and quoted messages bypass sender allowlist
Malicious code in chnifdwmostgqvyp (npm)
Malicious code in test2_11931193 (npm)
fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278)
Malicious code in test-proj-for-myself (npm)
Malicious code in container-registry (npm)
Malicious code in testfromauro (npm)
MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport
OpenClaw: Discord DM reaction ingress missed dmPolicy/allowFrom checks in restricted setups
Malicious code in testingpp (npm)
Malicious code in vue2-jest (npm)
Vite has an `server.fs.deny` bypass with an invalid `request-target`
Malicious code in ember-tracked-local-storag (npm)
Malicious code in eslint-config-mattermost (npm)
Malicious code in eslint-plugin-mattermost (npm)
Malicious code in firestore-messagebird-send-msg (npm)
Malicious code in af-test (npm)
Options structure open to Cross-site Scripting if passed unfiltered
Malicious code in ethereumjstox (npm)
Malicious code in @xvideos/test-utils (npm)
dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration
Malicious code in wfs-admin-test (npm)
Malicious code in adiostcheusia (npm)
Malicious code in testhacknowz (npm)
Duplicate Advisory: OpenClaw is vulnerable to unauthenticated resource exhaustion through its voice call webhook handling
fastify vulnerable to denial of service via malicious Content-Type
Malicious code in com.unity.burst (npm)
Malicious code in firstloadedvideopriorityadjuster (npm)
Malicious code in frontend-restclient (npm)
Malicious code in wf-kyt-starter (npm)
Malicious code in wf-kyt-starter-universal (npm)
URIjs Vulnerable to Hostname spoofing via backslashes in URL
Malicious code in instanthangouts (npm)
Malicious code in zsbpwebsdktest (npm)
Duplicate Advisory: OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation
Malicious code in owa-strings (npm)
webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior
@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass
OpenClaw has a CWD `.env` environment variable injection which bypasses host-env policy and allows config takeover
@nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')
Malicious code in eslint-plugin-elastic-charts (npm)
Malicious code in firstrunwizard (npm)
Malicious code in my-very-first-own-package (npm)
Malicious code in mynewpkgtest5 (npm)
n8n has XSS in Chat Trigger Node through Custom CSS
Malicious code in arcotest1 (npm)
Malicious code in @nothingfu/test (npm)
Malicious code in origami-registry-ui (npm)
Malicious code in discordstream (npm)
OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials
Malicious code in jive-styling-toolkit (npm)
Malicious code in keyvault-mock-attestation (npm)
Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter
Malicious code in presto-webui (npm)
Malicious code in com.unity.modules.unitywebrequest (npm)
Malicious code in com.unity.modules.unitywebrequestassetbundle (npm)
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
Malicious code in @xvideos/install (npm)
Malicious code in pingserver-test.01 (npm)
Malicious code in puppeteerrequestinterceptor (npm)
Malicious code in @dsgn-sys/editor-elements-design-systems (npm)
Malicious code in speedtestsolo (npm)
Malicious code in ajaxmanager-custom (npm)
Malicious code in lightweight-store (npm)
HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover
Malicious code in lido-dao-test-dp (npm)
Malicious code in npm-test-bravol33 (npm)
Malicious code in constant-unifi (npm)
OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
Malicious code in lodaschisstring (npm)
Malicious code in purplebricks-administration (npm)
Malicious code in dl-testes (npm)
Malicious code in oci-console-navigation-registry (npm)
Malicious code in statfacepy (npm)
Malicious code in eslint-plugin-foody-custom (npm)
OpenClaw has ReDoS and regex injection via unescaped Feishu mention metadata in RegExp construction
Malicious code in pingone-angular-registration (npm)
Malicious code in sovryn-node-integration-tests (npm)
Malicious code in testben (npm)
OpenClaw skills.status could leak secrets to operator.read clients
Malicious code in bluehost-wordpress-plugin (npm)
Malicious code in visual_studio_1_37_1_crack_top_activation_key_latest_2019_win_mac__2rl (npm)
Malicious code in prettier-v3-for-testing (npm)
Duplicate Advisory: OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests
Malicious code in testing-bounty123 (npm)
Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)
Paperclip: Arbitrary File Read via Agent-Controlled adapterConfig.instructionsFilePath
Malicious code in ood-listener (npm)
Malicious code in sqltest6 (npm)
Malicious code in postman-zendesk-support-theme (npm)
Malicious code in @nexthink/investigations-components (npm)
Malicious code in vrt_hitlijst_generic_voting (npm)
Malicious code in vscode-ui5-language-assistant (npm)
Malicious code in quewynstring (npm)
Malicious code in dbabelpreetstage1 (npm)
Malicious code in mostly-harmless (npm)
Malicious code in perf-storage-file-share (npm)
Malicious code in marketing-jest-cli (npm)
Malicious code in eg-clickstream-sdk-js (npm)
Malicious code in custom-banner-react (npm)
Malicious code in @omega-tracker/omg-abstract-strategy-plugin (npm)
Malicious code in ext-iconv-test-3 (npm)
Malicious code in testing-logger-bush1do-c0de (npm)
Eugeny Tabby Sends Password Despite Host Key Verification Failure
Malicious code in bonded-stablecoin (npm)
Malicious code in astar-portal (npm)
Malicious code in newhistory (npm)
Malicious code in federalist-uswds-jekyll (npm)
Malicious code in registrydependency1 (npm)
Malicious code in @smartsteuer/solo-vue-heroicons (npm)
Malicious code in eumetcast-gluing (npm)
Malicious code in brightspot-styleguide (npm)
AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance
@hono/node-server: Middleware bypass via repeated slashes in serveStatic
Malicious code in eslintpwuginjest (npm)
Malicious code in web_enhance_sap-stable (npm)
Malicious code in everest-contracts (npm)
Malicious code in evil-test-1 (npm)
Malicious code in lwc-jest-serializer (npm)
Malicious code in test-code-012 (npm)
Malicious code in test_1_59 (npm)
Malicious code in npmupload_test-xxxxxxxxxxxxx (npm)
Malicious code in tetstetegg (npm)
OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup
Malicious code in vue2-amis-custom-widget-kk (npm)
Malicious code in moto-test-int (npm)
Malicious code in zonduutest (npm)
Malicious code in gradient-stringss (npm)
Malicious code in ufx-lib-wrk-state (npm)
Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries
jsrsasign: Division by Zero Allows Invalid JWK Modulus to Cause Deterministic Zero Output in RSA Operations
Malicious code in hoisting-peer-check-child (npm)
Malicious code in instant_verb_tables_roxanne_burns_pdf___hot___uy4 (npm)
Malicious code in world-id-onchain-starter (npm)
NocoDB has Prototype Pollution in Connection Test Endpoint, Leading to DoS
Malicious code in karma-jasmine-i-request (npm)
Malicious code in reftest-helper (npm)
Malicious code in @diotoborg/distinctio-quaerat (npm)
OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags
Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview
yaml is vulnerable to Stack Overflow via deeply nested YAML collections
Malicious code in @diotoborg/eligendi-est-unde (npm)
Malicious code in @diotoborg/enim-molestias (npm)
Malicious code in infrastructure_skypefeedback_tools (npm)
OpenClaw: Windows-compatible env override keys could bypass system.run approval binding
OpenClaw: Empty approver lists could grant explicit approval authorization
Malicious code in @diotoborg/eum-nostrum (npm)
Malicious code in perf-storage-file-share-track-1 (npm)
Malicious code in zilliqa-testing-library (npm)
OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets
OpenClaw: QMD memory_get restricts reads to canonical or indexed memory paths
Malicious code in crack_vialibera_gestione_contabile_free__qls (npm)
Malicious code in criteo-static-variables-datasource (npm)
Malicious code in launcher-start-page (npm)
Malicious code in @diotoborg/nisi-molestiae (npm)
OpenClaw: Tlon media downloads can bypass core safety limits and exhaust disk
Malicious code in sp-bootstrap (npm)
Malicious code in stringjs_lib (npm)
Malicious code in rust-functions (npm)
Malicious code in testingsomethingforscanner (npm)
Malicious code in afe-host-client (npm)
Malicious code in awsspeedtest (npm)
Malicious code in stedi-integrations (npm)
Malicious code in mitui-util-bootstrap (npm)
Malicious code in eslint-config-scp-custom-rules (npm)
Malicious code in eslint-plugin-scp-custom-rules (npm)
OpenClaw: Leaf subagents could steer sibling sessions across sandbox boundaries
Malicious code in storyblok-bridge (npm)
Malicious code in @freestarcapital/collector-pipeline (npm)
OpenClaw's system.run approvals did not bind mutable script operands across approval and execution
OpenClaw: `session_status` still bypasses configured `tools.sessions.visibility` for unsandboxed invocations
OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement
Malicious code in stylesheeet (npm)
Malicious code in malicious-pre-install-package (npm)
express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network
Malicious code in testapp00009 (npm)
Malicious code in mynewpkgtest2 (npm)
Malicious code in testdir12345 (npm)
Malicious code in manualtestapp (npm)
Malicious code in mynewpkgtest4 (npm)
Malicious code in testing-npm-random (npm)
Malicious code in @incisive/rvtestmodule (npm)
Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM State
Malicious code in monday-react-quickstart-app (npm)
Ghost vulnerable to arbitrary file read via symlinks in content import
Malicious code in @uc-maps/test (npm)
Malicious code in onno-missing-2023-full-movies-at-home-streamnig (npm)
Malicious code in incisive_testing_stuffasdasdasd (npm)
Malicious code in @bitsoex/react-design-system (npm)
Mattermost Desktop App exposes sensitive information in its application logs
Malicious code in dow-load-get-your-sht-together-how-to-stop-worrying-about-what-you-should-do-so-you-can-fi (npm)