136739 matches found
GHSA-F6WW-3GGP-FR8H vulnerabilities
Vulnerabilities for packages: saf, npm, sqlpad...
CVE-2026-41674 vulnerabilities
Vulnerabilities for packages: saf, npm, sqlpad...
CVE-2026-41673 vulnerabilities
Vulnerabilities for packages: saf, npm, sqlpad...
NPM: Axios: Header Injection via Prototype Pollution
NPM: Axios: Header Injection via Prototype Pollution vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...
GHSA-X3H8-JRGH-P8JX OpenClaw's exec allowlist analysis rejects shell expansion in unquoted heredocs
Summary Exec allowlist analysis rejects shell expansion in unquoted heredocs Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact An allowlisted command containing an unquoted heredoc could hide shell expansion in the heredoc body...
Malicious code in ms.analytics-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8603a11b43db05d179ab55b635a517ed40832c05fc4365a1ba69d2ec1eb5092 The package ms.analytics-web was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3338 Malicious code in ms.analytics-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8603a11b43db05d179ab55b635a517ed40832c05fc4365a1ba69d2ec1eb5092 The package ms.analytics-web was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3329 Malicious code in api-typings (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a549cfdf0cbbfa203632d6fe432f69fa60578b8d81b03b75c2bece912aa0c588 The package api-typings was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in pocpoc2626 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a43e5357592b2bbbe0c68be3960ac829ab988a15b57d63df5ab954c9d0b5b09 The package pocpoc2626 was found to contain malicious code. Source: ossf-package-analysis...
Malicious Package
Overview @tw-marionette/clipboard is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @google-pay-trust/cancelled is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @apiary-annex/meta is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in @montanatonytest/app.web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae7604e0d0f1f42d621917113451c0b0583f2c74d4bbe59d92db2cf68101c674 The package @montanatonytest/app.web was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3317 Malicious code in @apple-pay-trust/destroy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6515019a886959d905d728f0fdcebeb16aa3e62bcf2e2643c0424ba87aeb8f79 The package @apple-pay-trust/destroy was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3318 Malicious code in @b2b_blocker/hide_activation_error (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7cbbf4ca3aa2fddd7145289bbf2f3ee83ef30e0fb6aa1163f465c4175cd22aec The package @b2bblocker/hideactivationerror was found to contain malicious code. Source: ghsa-malware...
Malicious code in temhe-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c9e5d48f36a9f7f2fd80c126d14811be70cc210a382e9edc85d3bc1c4c62968 The package temhe-dev was found to contain malicious code. Source: ghsa-malware 117ca92e4f6c30bab5d2538e054b527cadbd72387d055860a3baf428e279c116 Any...
Malicious code in vpi-guides (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0746aaba735c5411a6b2e62e27b52b39aace59ceebe307f3cd192fbf052b387a The package vpi-guides was found to contain malicious code. Source: ghsa-malware 28248d8cb6eca76057853d4e6ed366107e13c7dce9b6f02d9afd82475152a369 Any...
MAL-2026-3278 Malicious code in honcho-theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84982c0724088423f1dfd6be1667977bde24611206ff38083fbd5f1bddb51ee7 The package honcho-theme was found to contain malicious code. Source: ghsa-malware 23c78ef060edd4e17fe6722502a19a3f7cfa402b9253a432003578db145e5c24 A...
Malicious Package
Overview @w3m-app/getchainid is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @bcs-react-ui/context-menu is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...