ws
496 known vulnerabilities · 12 critical · 44 high
ws affected by a DoS when handling a request with many HTTP headers
Pug allows JavaScript code execution if an application accepts untrusted input
OpenClaw: Untrusted workspace channel shadows could execute during built-in channel setup
OpenClaw's sandbox browser noVNC observer lacked VNC authentication
Paperclip: Cross-tenant agent API key IDOR in `/agents/:id/keys` routes allows full victim-company compromise
nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit
ghost vulnerable to unauthorized newsletter modification via improper access controls
OpenClaw: Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read
Malicious code in @browserbasehq/stagehand-docs (npm)
thlorenz browserify-shim vulnerable to prototype pollution
OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding
Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS)
Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function
Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows
Oceanic allows unsanitized user input to lead to path traversal in URLs
radashi Allows Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Malicious code in awsmcc (npm)
Malicious code in aws-features-signin-proxy-client (npm)
Malicious code in aws-ui-component-select (npm)
phoenix_html allows Cross-site Scripting in HEEx class attributes
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)
n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner
OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation
Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace
Electron: Unquoted executable path in app.setLoginItemSettings on Windows
@node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes
OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode
Macro in MathJax running untrusted Javascript within a web browser
Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows
Exfiltration of hashed SMB credentials on Windows via file:// redirect
tarteaucitron.js allows url scheme injection via unfiltered inputs
Directus allows redacted data extraction on the API through "alias"
OpenClaw has command injection via Windows shell fallback in Lobster tool execution
Shescape potential environment variable exposure on Windows with CMD
OpenClaw is Missing Webhook Authentication in Telnyx Provider Allows Unauthenticated Requests
OneUptime: Synthetic Monitor RCE via exposed Playwright browser object
webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser
OpenClaw: Chrome --no-sandbox disabled OS-level browser sandbox in sandbox browser container
OpenClaw: Media download follows cross-origin redirects with Authorization headers intact
OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution
hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR
Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id
OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage
OpenClaw: Browser SSRF policy default allowed private-network navigation
parse-server's endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user
llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding
path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability
Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows
OpenClaw's Telegram message_reaction authorization bypass allows unauthorized system-event injection
SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks
pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)
Parse Server's custom object ID allows to acquire role privileges
OpenClaw browser navigation guard allowed non-network URL schemes, enabling authenticated browser-tool users to access file:// local files
h3 has a Path Traversal via Percent-Encoded Dot Segments in serveStatic Allows Arbitrary File Read
Downloads Resources over HTTP in dalek-browser-chrome-canary
OpenClaw: Slack interactive callbacks could skip configured sender checks in some shared-workspace flows
Buttercup allows attackers to obtain the hash of the master password
Hono allows bypass of CSRF Middleware by a request without Content-Type header
Flowise Cross-site Scripting in /api/v1/public-chatflows/id
OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode
tarteaucitron.js allows prototype pollution via custom text injection
Duplicate Advisory: OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions
Malicious code in aws-greengrass-provisioner (npm)
Better Auth Passkey Plugin allows passkey deletion through IDOR
pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin
Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
Malicious code in gulp-browserify-thin (npm)
Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime
Malicious code in mv-browser-support (npm)
Shescape has potential environment variable exposure on Windows with CMD
Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation
OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration
Malicious code in aws-amplify-unicorntrivia-workshop (npm)
Malicious code in aws-centralized-logging (npm)
BrowserStack Local vulnerable to Command Injection through logfile variable
Parse Server session creation endpoint allows overwriting server-generated session fields
Malicious code in ssf-desktop-api-browser (npm)
n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks
AWS Lambda parser is vulnerable to Regular Expression Denial of Service
Malicious code in browserstack-utils (npm)
@mobilenext/mobile-mcp allows arbitrary file write via Path Traversal in mobile screen capture tools
codecov NPM module allows remote attackers to execute arbitrary commands
Malicious code in aws-perspective (npm)
Malicious code in aws-simple-cicd (npm)
Malicious code in aws-solutions-constructs (npm)
OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read
Malicious code in azure-event-hubs-browser (npm)
OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image
Microsoft Playwright MCP Server vulnerable to DNS Rebinding Attack; Allows Attackers Access to All Server Tools
evershop allows unauthenticated attackers to exhaust application server's resources via "GET /images" API
Duplicate Advisory: Command Injection via unescaped environment assignments in Windows Scheduled Task script generation
OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows
OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments
thlorenz browserify-shim vulnerable to prototype pollution
n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution
OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling
billboard.js allows prototype pollution via the function generate
OpenClaw `node.pair.approve` placed in `operator.write` scope instead of `operator.pairing` allows unprivileged pairing approval
Malicious code in cobrowse-common (npm)
OpenClaw's Node role device-identity bypass allows unauthorized node.event injection
@actual-app/sync-server: Missing authorization in sync endpoints allows cross-user budget file access in multi-user mode
Malicious code in com.unity.xr.windowsmr (npm)
Malicious code in com.unity.xr.windowsmr.metro (npm)
Strapi may leak sensitive user information, user reset password, tokens via content-manager views
qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion
basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands
Mattermost Desktop App allows the bypass of Transparency, Consent, and Control (TCC) via code injection
OpenClaw's non-default autoAllowSkills setting could bypass on-miss exec prompt
fhir-works-on-aws-authz-smart handles permissions improperly
Mattermost Desktop App allows for bypassing TCC restrictions on macOS
Directus `search` query parameter allows enumeration of non permitted fields
OpenClaw improperly parses X-Forwarded-For behind trusted proxies allows client IP spoofing in security decisions
thlorenz browserify-shim vulnerable to prototype pollution
Malicious code in aws-ms-deploy-assistant (npm)
Malicious code in sa-kws-demo-web (npm)
Malicious code in strapi-provider-upload-aws-s3-auth (npm)
MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport
Malicious code in wdesk_browser_environment (npm)
Malicious code in cms-ui-views (npm)
OpenClaw has a CWD `.env` environment variable injection which bypasses host-env policy and allows config takeover
Malicious code in @ws-amplify/core (npm)
OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation
OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
JWS and JWT signature validation vulnerability with special characters
React Router allows pre-render data spoofing on React-Router framework mode
Malicious code in aws-logs (npm)
MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827
AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance
Malicious code in abu-news-api (npm)
jsrsasign: Division by Zero Allows Invalid JWK Modulus to Cause Deterministic Zero Output in RSA Operations
OpenClaw: Windows-compatible env override keys could bypass system.run approval binding
OpenClaw: Discord text `/approve` bypasses `channels.discord.execApprovals.approvers` and allows non-approvers to resolve pending exec approvals
Electron protocol handler browser vulnerable to Command Injection
Malicious code in loblaws-mkt-bundle (npm)
Malicious code in awsspeedtest (npm)
OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement
Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM State
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
DOMPurify USE_PROFILES prototype pollution allows event handlers
Malicious code in node-jaws (npm)
Malicious code in @browserbasehq/mcp (npm)
Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion
OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure
OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure
Apollo Server: Browser bug allows for bypass of XS-Search (read-only Cross-Site Request Forgery) prevention
Malicious code in @asyncapi/nodejs-ws-template (npm)
tarteaucitron.js allows UI manipulation via unrestricted CSS injection
Vercel Workflow Allows Webhook Creation with Predictable User-Specified Tokens
OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host
Malicious code in @kvytech/medusa-plugin-product-reviews (npm)
Malicious code in @clausehq/flows-step-sendgridemail (npm)
Malicious code in angra_temple_of_shadows_songbook_pdf_105_kssry (npm)
Malicious code in vue-gws (npm)
jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution
Malicious code in aws-check (npm)
Malicious code in legacyreact-aws-s3-typescript (npm)
Malicious code in new-al-bum-av-ailable-2014-15374-tourniquets-hacksaws-and-graves-53p3g-eabxqr (npm)
Duplicate Advisory: OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows
Malicious code in @wso-utils/json-mapper (npm)
OpenClaw: Browser interaction routes could pivot into local CDP and regain file reads
Malicious code in abunews-components (npm)
Electron: Named window.open targets not scoped to the opener's browsing context
OpenClaw: Browser tabs action select and close routes bypassed SSRF policy
estree-util-value-to-estree allows prototype pollution in generated ESTree
evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" API
Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate
hemmelig allows SSRF Filter bypass via Secret Request functionality
Duplicate Advisory: OpenClaw has browser trace/download path symlink escape in temp output handling
OpenClaw's hook transform module path allows traversal and arbitrary JavaScript module loading
llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields
Malicious code in com.unity.assetbundlebrowser (npm)
Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory
Vite allows server.fs.deny to be bypassed with .svg or relative paths
Malicious code in @clausehq/flows-step-httprequest (npm)
Malicious code in @clausehq/flows-step-jsontoxml (npm)
Malicious code in @clausehq/flows-step-mqtt (npm)
Duplicate Advisory: OpenClaw: Windows media loaders accepted remote-host file URLs before local path validation
Malicious code in medusa-plugin-product-reviews-kvy (npm)
Malicious code in aws-centralized-waf-and-vpc-security-group-management (npm)
Malicious code in aws-data-api-ux (npm)
Malicious code in aws-data-replication-hub (npm)
Malicious code in aws-delivlib-sample (npm)
OpenClaw: Incomplete host-env-security-policy allows untrusted model to substitute compiler binaries via env overrides
Malicious code in node-js-playwright-browserstack (npm)
Fastify's Content-Type header tab character allows body validation bypass
OpenClaw: Sandbox noVNC helper route exposed interactive browser session credentials
Malicious code in vue2-webviews (npm)
Zowe CLI allows storage of previously entered secure credentials in a plaintext file
Malicious code in browsersilst (npm)
Malicious code in browserslist-config-freight-trust (npm)
http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed
OpenClaw has a path traversal in browser trace/download output paths may allow arbitrary file writes
Malicious code in mws-common-ui (npm)
Malicious code in co-browsing (npm)
Malicious code in browser-gaming-client (npm)
OpenClaw has a path traversal in browser upload allows local file read
Malicious code in @zapier/browserslist-config-zapier (npm)
OpenClaw has Windows Lobster shell fallback command injection in constrained fallback path
OpenClaude: Sandbox Bypass via Early-Exit Logic Flaw Allows Path Traversal
Electron: Use-after-free in PowerMonitor on Windows and macOS
Directus allows unauthenticated file upload and file modification due to lacking input sanitization
Malicious code in kagi_browser_ext (npm)
OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows
OpenClaw: Windows media loaders accepted remote-host file URLs before local path validation
OpenClaw: Node browser proxy `allowProfiles` bypass through persistent profile mutation and runtime profile selection
Malicious code in new-relic-browser (npm)
Malicious code in jade-browserify (npm)
Malicious code in windowscleaner (npm)
Shescape on Windows escaping may be bypassed in threaded context
Malicious code in outline-shadowsocksconfig (npm)
Parse Server's Session Update endpoint allows overwriting server-generated session fields
Malicious code in @mcd-gws/fetlife-assets (npm)
Malicious code in dws-dx (npm)
OpenClaw's browser-origin WebSocket auth hardening gap could enable loopback password brute-force chains
Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing
OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning
Malicious code in mongodb-stitch-browser-testutils (npm)
OneUptime: node:vm sandbox escape in probe allows any project member to achieve RCE
Better Auth allows bypassing the trustedOrigins Protection which leads to ATO
Malicious code in trae-browser-inspect (npm)
Malicious code in img-aws-s3-object-multipart-copy (npm)
OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions
OpenClaw's ACPX Windows wrapper shell fallback allowed cwd injection in specific paths
Uptime Kuma Server-side Template Injection (SSTI) in Notification Templates Allows Arbitrary File Read
AngularJS allows attackers to bypass common image source restrictions
Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains
OpenClaw: Android accepted cleartext remote gateway endpoints and sent stored credentials over ws://
OpenClaw has Browser SSRF Policy Bypass via Interaction-Triggered Navigation
Malicious code in browser-sign-in (npm)
Qwik City has array method pollution in FormData processing allows type confusion and DoS
Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions
StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts
OpenClaw has auth inconsistency on local Browser Extension Relay /extension endpoint
OpenClaw: Sandbox media fallback tmp symlink alias bypass allows host file reads outside sandboxRoot
Duplicate Advisory: ACPX Windows wrapper shell fallback allowed cwd injection in specific paths
Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes
OpenClaw: Existing WS sessions survive shared gateway token rotation
Malicious code in @fishingbooker/browser-sync-plugin (npm)
Malicious code in aws-public (npm)
Malicious code in browser-client-neptune (npm)
OpenClaw: Marketplace Plugin Download Follows Redirects Without SSRF Protection
Malicious code in zip-mp3-a-lbum-do-wnload-new-gift-of-screws-q2h3s-xswcix (npm)
OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding
OpenClaw `node.invoke(browser.proxy)` bypasses `browser.request` persistent profile-mutation guard
OpenClaw: Sandbox browser CDP relay could expose DevTools protocol on 0.0.0.0
Malicious code in dowsersync (npm)
Malicious code in browser-warning-ui (npm)
Malicious code in browser-wurfl (npm)
Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories
Malicious code in adult-content-detection-aws (npm)
Malicious code in opbox-web-browser (npm)
Malicious code in my-rei-browser-shim (npm)
Malicious code in open-data-registry-browser (npm)
SillyTavern: Path Traversal allows file existence oracle
Malicious code in belzqadykjcpmwsk (npm)
passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token
Malicious code in loblaws-mkt (npm)
AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value
Malicious code in lana-ws (npm)
Azure MCP Server has Server-Side Request Forgery issue that allows authorized attacker to elevate privileges over a network
Duplicate Advisory: OpenClaw has Windows Lobster shell fallback command injection in constrained fallback path
n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
Hono JWT Middleware's JWT Algorithm Confusion via Unsafe Default (HS256) Allows Token Forgery and Auth Bypass
Malicious code in lezer-snowsql (npm)
Malicious code in @browserbasehq/bb9 (npm)
Malicious code in @browserbasehq/director-ai (npm)
Vditor allows Cross-site Scripting via an attribute of an `A` element
OneUpTime's Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE
SillyTavern: Path Traversal in `/api/chats/export` and `/api/chats/delete` allows arbitrary file read/delete within user data root
OpenClaw's incomplete host env sanitization blocklist allows supply-chain redirection via package-manager env overrides
Malicious code in string_decoder-browserify (npm)
mathjs Allows Improperly Controlled Modification of Dynamically-Determined Object Attributes
OneUptime has Synthetic Monitor RCE via exposed Playwright browser object
Malicious code in @wso-utils/localization (npm)
Malicious code in athira-windows-arm64 (npm)
Malicious code in @wso-utils/form-utils (npm)
AngularJS allows attackers to bypass common image source restrictions
OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access
OpenClaw vulnerable to path traversal in Feishu media temp-file naming allows writes outside os.tmpdir()
OpenClaw: Browser control startup could continue unauthenticated after auth bootstrap failure
Malicious code in wsticket (npm)
Malicious code in athira-windows-x64 (npm)
MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL
Malicious code in sentrybrowser5 (npm)
OpenClaw has browser trace/download path symlink escape in temp output handling
Marked allows Regular Expression Denial of Service (ReDoS) attacks
Malicious code in grenache-browser-http (npm)
Malicious code in vkchtoewspkjrfld (npm)
Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader
Duplicate Advisory: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling
FUXA allows Remote Code Execution (RCE) via the project import functionality
OpenClaw: Strict browser SSRF bypass in Playwright redirect handling leaves private targets reachable
Malicious code in woo-better-reviews (npm)
xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion
StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings
Malicious code in aws-target-mediator (npm)
OpenClaw's Windows cmd.exe parsing may bypass exec allowlist/approval gating
Duplicate Advisory: OpenClaw's sandbox browser noVNC observer lacked VNC authentication
Malicious code in browser-timings (npm)
Claude Code Command Validation Bypass Allows Arbitrary Code Execution
Malicious code in @xvideos/aws (npm)
Malicious code in awsume (npm)
jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)
Malicious code in moralis-web3-providers-ws (npm)
Malicious code in elasticagent-windows-arm (npm)
Malicious code in int-browsing-gateway (npm)
Malicious code in nemo-jaws (npm)
systeminformation has a Command Injection vulnerability in fsSize() function on Windows
Path traversal in oak allows transfer of hidden files within the served root directory
Malicious code in ainruohkpglvwsmj (npm)
Malicious code in jbrowse (npm)
Malicious code in @kvytech/medusa-plugin-newsletter (npm)
OpenClaw's dashboard leaked gateway auth material via browser URL/query and localStorage
OpenClaw: `browser.request` still allows `POST /reset-profile` through the `operator.write` surface
OpenClaw: `browser.request` let `operator.write` persist admin-only browser profile changes
Malicious code in ig-release-aws (npm)
Malicious code in mergify-browser-extension (npm)
Malicious code in aws-instance-scheduler (npm)
Malicious code in aws-iot-greengrass-accelerators (npm)
Malicious code in aws-track-and-trace (npm)
Malicious code in aws-video-transcriber (npm)
OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows
Hono: Path traversal in toSSG() allows writing files outside the output directory
Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo
Malicious code in sentrybrowser7 (npm)
Malicious code in lingewindows (npm)
Malicious code in bfx-ws2-api-audit (npm)
Malicious code in platform-browser-dynamic (npm)
Malicious code in ntwsx (npm)
Malicious code in vue-webviews (npm)
Malicious code in ember-views (npm)
Malicious code in crooked-kingdom-six-of-crows-2-by-leigh-bardugo-on-mac-full-format- (npm)
Malicious code in evycfpkhwsoqljrg (npm)
Malicious code in pdf-reading-the-signs-by-keira-andrews-on-textbook-new-chapters- (npm)
Malicious code in jan-browser (npm)
Malicious code in browser-compat-data (npm)
Malicious code in nnabla-browser (npm)
Malicious code in node-hide-console-windows (npm)
Malicious code in loblaws-product-listing (npm)
Malicious code in loblawsdigitalflyer (npm)
Malicious code in windowsreveal (npm)
Malicious code in whatsapp-flows-endpoint (npm)
Malicious code in newsda (npm)
Malicious code in web3tool-providers-ws (npm)
Malicious code in mqttoverwsprovider (npm)
Malicious code in awsm-core (npm)
Malicious code in nextcloud-news (npm)
Malicious code in ng-browser-info (npm)
Malicious code in trex-proxy-browser-extension-sdk (npm)
react-dev-utils on Windows vulnerable to Remote Code Execution
Malicious code in si-wsl (npm)
Malicious code in ai-aws-manager (npm)
Directus: TUS Upload Authorization Bypass Allows Arbitrary File Overwrite
Malicious code in aws-iot-samples-util (npm)
SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6
Malicious code in azure-accessplatform-windows-gpu (npm)
Malicious code in jaws-node (npm)
Malicious code in axios-browseragent (npm)
Malicious code in facetec-browser-sdk (npm)
Malicious code in browserslist-config-usaa (npm)
Malicious code in browserslist-db (npm)
Malicious code in identity-browser-manual-tests (npm)
Malicious code in update-browserslist (npm)
Malicious code in @postman/pm-bin-windows-x64 (npm)
Malicious code in ps-request-ws (npm)
Malicious code in freekws-devportal-api-client-angular (npm)
Malicious code in freekws-devportal-api-client-nestjs (npm)
Malicious code in rawspec (npm)
Malicious code in @clausehq/flows-step-taskscreateurl (npm)
Malicious code in react-hackernews-bootcamp-one-v2 (npm)
Malicious code in @hemanshu_patil/xcode-windows-x64 (npm)
Malicious code in print-vault-browser (npm)
Malicious code in proton-vpn-browser-extension (npm)
Malicious code in reviewstack (npm)
Malicious code in react-native-windows-repo (npm)
Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel
Malicious code in windows-confirm (npm)
Malicious code in kbxozjiervwstgyp (npm)
Malicious code in @ntnx/passport-wso2 (npm)
Malicious code in windows-version-check (npm)
Malicious code in @browserbasehq/mcp-server-browserbase (npm)
Malicious code in @browserbasehq/sdk-functions (npm)
Malicious code in @browserbasehq/stagehand (npm)
Malicious code in vue-browserupdate-nuxt (npm)
Malicious code in service-workbench-on-aws (npm)
Malicious code in @adidas-data-mesh/common-aws (npm)
Malicious code in gme-loblawsinc (npm)
OpenClaw's owner-only gateway tool access checks were incomplete in specific authenticated DM flows
OpenClaw: node.pair.approve missing callerScopes validation allows low-privilege operator to approve malicious nodes
Malicious code in newspack-blocks (npm)
Malicious code in social-previews (npm)
OpenClaw: Unified root-bound write hardening for browser output and related path-boundary flows
Malicious code in @velorum/browser-authenticator (npm)
Malicious code in steamdb-browser-extension (npm)
jsrsasign: Incomplete Comparison Allows DSA Private Key Recovery via Biased Nonce Generation
vercel/serve allows access to restricted files if filename is URL encoded
@delmaredigital/payload-puc is missing authorization on /api/puck/* CRUD endpoints allows unauthenticated access to Puck-registered collections
Tryton sao allows XSS because it does not escape completion values
Strapi allows unauthenticated attacker to reset admin password without valid reset token
Malicious code in sentrybrowser (npm)
pnpm Has Lockfile Integrity Bypass that Allows Remote Dynamic Dependencies
i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite
Malicious code in ideals-views (npm)
Malicious code in skinnyvans-windows-arm64 (npm)
Malicious code in skinnyvans-windows-x64 (npm)
Malicious code in ws-gp-security-action (npm)
Malicious code in wso-core (npm)
Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution
Malicious code in codeceptjs-browserstack (npm)
Malicious code in lolnews (npm)
SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory
Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write
Malicious code in efergvthdaadgfhrgewsfqwf (npm)
Malicious code in axios-browserify (npm)
Malicious code in cowsay-allcaps (npm)
Malicious code in cowsay-caps (npm)
Malicious code in cowsay-deluxe (npm)
Malicious code in cowsay-fancy (npm)
Malicious code in ntwsc (npm)
Malicious code in awsm-acslibs (npm)
Malicious code in browser-nextjs (npm)
Malicious code in analytics-browser (npm)
Malicious code in browserstack-electron-forge-include-package-plugin (npm)
Malicious code in windows-api-codec-pack (npm)
Malicious code in aws-crt-nodejs (npm)
Malicious code in windowston (npm)
Malicious code in dev.voltstro.unitywebbrowser (npm)