83 matches found
NPM: vm2 has a Sandbox Escape Vulnerability
NPM: vm2 has a Sandbox Escape Vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...
@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +12 more potentially affected by CVE-2026-41340 via openclaw (>=2026.3.22 <=2026.3.28)
openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-41340 Source advisory: SNYK:JS-OPENCLAW-15893808...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses npm-11.7.0.tgz which is vulnerable to CVE-2026-0775.
Summary: IBM Maximo Application Suite - Visual Inspection component uses npm-11.7.0.tgz, which is vulnerable to CVE-2026-0775. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details: CVEID: CVE-2026-0775 DESCRIPTION: npm cli Incorrect Permission...
@aaronuu/react-forms (>=0.0.1 <=0.2.2), @actra-development-oss/redux-persist-transform-filter-immutable (>=0.1.1 <=1.0.0) +773 more potentially affected by CVE-2025-13465 via lodash.unset (>=4.0.2 <=4.5.2)
lodash.unset NPM version =4.0.2, =0.0.1, =0.1.1, =0.1.0, =0.0.1, =1.1.0, =0.0.4, =1.8.28, =1.1.0, =0.1.2, =0.0.1, =0.1.0, =0.0.1, =2.1.1 and more Source cves: CVE-2025-13465 Source advisory: SNYK:JS-LODASHUNSET-15053837...
CVE-2020-10953
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue...
MAL-2025-188526 Malicious code in paleomagnetism-levels-rocket-dependencies (npm)
Source: amazon-inspector ac6239ea4745b7e2cbf904de78f70e9f3f56989717525f63879e5b541bc276dc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186475 Malicious code in dagda-spawn-selenium-vega (npm)
Source: amazon-inspector 577b28c0b18bb61c9dd2efacf6fc2620489f0e87c664c1ceb83b6663cf92d7ff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176021
Malicious code in telesto-nova-zenobia-sublimation npm...
EUVD-2025-141905
Malicious code in goodafiun-nuiya-gifa npm...
EUVD-2025-139771
Malicious code in nokire-nakaocil8 npm...
EUVD-2025-144832
Malicious code in victoriaevans npm...
MAL-2025-158342 Malicious code in lookingan-konami78 (npm)
Source: amazon-inspector 63fda8bed46acbe44e0e21745af2cfc6cec952f7d62692fd1da692dd7c8f377e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-114093
Malicious code in eleventy-zephyr-radiant-subscription npm...
EUVD-2025-90331
Malicious code in literaryroosterz3n npm...
EUVD-2025-76848
Malicious code in finefrog-gooddev npm...
MAL-2025-101690 Malicious code in dizzy_pinniped_dumbs (npm)
Source: amazon-inspector 39c78bad195045243eaab713742f22e5217f63cbb90fc382a1d2096d898c132d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-81928
Malicious code in fashionableostrich0xrequest npm...
EUVD-2025-70808
Malicious code in dian-lepet30-ruro npm...
EUVD-2025-85593
Malicious code in ida-peyek39-miaww npm...
EUVD-2025-59631
Malicious code in fitri-jamblang2-sluey npm...