132 matches found
Unsafe Dependency Resolution
Overview neuro-cortex-memory is a Scientifically-grounded memory system based on computational neuroscience research Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the CLAUDEPROJECTDIR environment variable, which is treated as a trusted source directory witho...
Unsafe Dependency Resolution
Overview @pnpm/building.policy is a Create a function for filtering out dependencies that are not allowed to be built Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the approval process for dependency sources. An attacker can execute unauthorized code during...
Unsafe Dependency Resolution
Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the approval process for dependency sources. An attacker can execute unauthorized code during the build lifecycle by crafting a dependency source...
CVE-2026-55180
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded $ENVVAR placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim...
Unsafe Dependency Resolution
Overview org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via Groovy AST transformation annotations during...
Unsafe Dependency Resolution
Overview @theia/ai-chat is a Theia - AI Chat Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by introducing crafted...
Unsafe Dependency Resolution
Overview @theia/ai-claude-code is a Theia - Claude Code Integration Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by...
Unsafe Dependency Resolution
Overview @theia/ai-ide is an AI IDE Agents Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by introducing crafted...
Unsafe Dependency Resolution
Overview @theia/workspace is a Theia - Workspace Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. An attacker can execute arbitrary commands with the user's privileges by...
Unsafe Dependency Resolution
Overview @theia/debug is a Theia - Debug Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. An attacker can execute arbitrary commands with the user's privileges by crafting a...
Unsafe Dependency Resolution
Overview @theia/task is a Theia - Task extension. This extension adds support for executing raw or terminal processes in the backend. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. A...
Unsafe Dependency Resolution
Overview @theia/ai-chat-ui is a Theia - AI Chat UI Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by introducing...
Unsafe Dependency Resolution
Overview @theia/ai-chat is a Theia - AI Chat Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introduci...
Unsafe Dependency Resolution
Overview @theia/ai-ide is an AI IDE Agents Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introducing...
Unsafe Dependency Resolution
Overview @theia/ai-chat-ui is a Theia - AI Chat UI Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by...
Unsafe Dependency Resolution
Overview @theia/ai-code-completion is a Theia - AI Core Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by...
Unsafe Dependency Resolution
Overview @theia/ai-claude-code is a Theia - Claude Code Integration Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions...
PT-2026-49775
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.2 Description An environment variable injection exists where the STATE DIRECTORY variable in a workspace .env file can influence bundled runtime dependency roots. This allows attackers to manipulate STATE...
Unsafe Dependency Resolution
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution via manipulation of the extension metadata process. An attacker can execute arbitrary code by redirecting the loading process toward unscanned package payload...
Unsafe Dependency Resolution
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...