234864 matches found
Malicious code in iron-menu-behavior (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c995f11c44e1f5cd41f7a3c63d4070a2d738168a7fcc5a61f8f9e8ddbd6f00c The package iron-menu-behavior was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @platform-growth/guidance-channel-provider is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview collab-library is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in @mmm-otrade/transaction-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bf4c9f5e8a8d9c59d2880a5aafe18bd8780c33c876d202589f4751d5447ce1c The package @mmm-otrade/transaction-adapter was found to contain malicious code. Source: ghsa-malware...
Malicious code in amt-package-united-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de3f8cf1c89ae16f5297d8a873529f5ba61b4d746f1f79667f803c96bf92507f The package amt-package-united-icons was found to contain malicious code. Source: ghsa-malware...
Malicious code in collab-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 827bba21aab2fb6ac088e0ab66d2d6ce16a9edcfb26736c85c5d9c8488019b21 The package collab-library was found to contain malicious code. Source: ghsa-malware aa4043d376077e02719a8d768bb1e2631de6c69525ebd948ed92102f617adc9c...
Malicious code in iron-localstorage (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b4370af9c8f0db5604f7bc2648c64054140ea6fbcfebd4eef181c7330efaf77 The package iron-localstorage was found to contain malicious code. Source: ghsa-malware...
Malicious code in @platform-growth/guidance-channel-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 851a1eb428b30069bd6ba251018b1547db4c6066228663539c2b80b07ba0061e The package @platform-growth/guidance-channel-provider was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1306 Malicious code in falcologgerinternalstate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 183181a665c683721a6523db5e15b21f8c20c2b154b2ea57decac425f8ad44e3 The package falcologgerinternalstate was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview amt-package-united-icons is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-1313 Malicious code in iron-pages (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa0828e4b92294651d9b815203d5e2e7cbe45cce351dfa340bb6a79481a4a0cd The package iron-pages was found to contain malicious code. Source: ghsa-malware ec5456f01c9dadf3a140d1cd4974007405b2fdf1a9f1639c264a194555229ec4 Any...
MAL-2026-1309 Malicious code in iron-localstorage (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b4370af9c8f0db5604f7bc2648c64054140ea6fbcfebd4eef181c7330efaf77 The package iron-localstorage was found to contain malicious code. Source: ghsa-malware...
Malicious code in iron-image (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64bb41903e84d6a7adabb1c7268258090468e2e83e6f31fb679d594e8266f79e The package iron-image was found to contain malicious code. Source: ghsa-malware 11a0db876976d8589a7d975fb9c112f6569a4fc2708fb21c378166c2a1f8d204 Any...
MAL-2026-1316 Malicious code in xc-input-toggle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25bd6a138ac384a0c310614cf8a679db9c7c02f9b4b44fbfb98910514eb2e80e The package xc-input-toggle was found to contain malicious code. Source: ghsa-malware aa8d4ebd389bd00b1f92bc14e6d9e1a2ffc83e2ef239991e0e01c0bb445166c...
OpenClaw's system.run allowlist approval parsing missed PowerShell encoded-command wrappers
OpenClaw's system.run shell-wrapper detection did not recognize PowerShell -EncodedCommand forms as inline-command wrappers. In allowlist mode, a caller with access to system.run could invoke pwsh or powershell using -EncodedCommand, -enc, or -e, and the request would fall back to plain argv...
MAL-2026-1292 Malicious code in odds-analyzer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd711f9267e0e1bd3dc42ff98c117a939f5ffa947f11c5fd3d9aea4bc8a47c1 The package odds-analyzer was found to contain malicious code. Source: ghsa-malware 90239f2eeaa13b5a4c00596bcd6f549ab3948f0b1421e246ce67a7bfa30248d6...
MAL-2026-1293 Malicious code in tw-modern-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5263f4880e1caf988c78cea312bf9087935eadf7367438ca98023d0b03a5ab12 The package tw-modern-ui was found to contain malicious code. Source: ghsa-malware 739792de3e777b4dcdf28cf380425a6e0e3082c65f5f72ff73d4ae60ed685d98 A...
GHSA-QR2G-P6Q7-W82M x402 SDK Security Advisory
Impact A security vulnerability exists in outdated versions of the x402 SDK. This vulnerability does not affect users' private keys, smart contracts, or funds. The issue impacts resource servers accepting payments on Solana when the facilitator is running a vulnerable version of the x402 SDK. Who...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the ValidateStdioConfig process. An attacker can execute arbitrary commands with application privileges by bypassing argument validation using the -p flag in npx node. This allows full system compromise through...
MAL-2026-1269 Malicious code in @wgu-edu/wgu-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1492a1bd49042802301333ea517f4b8406c91e845c6189c43be215cb9832edf The package @wgu-edu/wgu-core was found to contain malicious code. Source: ghsa-malware...