234864 matches found
MAL-2026-1236 Malicious code in @molb-prelogin/gobiz-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2a95b0b5cbb552848c3740a99b78d968f3cef00df645e9314604255a4f0507d The package @molb-prelogin/gobiz-config was found to contain malicious code. Source: ossf-package-analysis...
GHSA-P4WH-CR8M-GM6C OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL
Summary shell-env fallback trusted prefix-based executable paths for $SHELL, allowing execution of attacker-controlled binaries in local/runtime-env influence scenarios. Details In affected versions, shell selection accepted either: 1. a shell listed in /etc/shells, or 2. any executable under...
GHSA-QHRR-GRQP-6X2G OpenClaw's tools.exec.safeBins trusted PATH directories allowed binary shadowing in allowlist mode
Summary In openclaw allowlist mode, tools.exec.safeBins trusted PATH-derived directories for safe-bin resolution. A same-name binary placed in a trusted PATH directory could satisfy safe-bin checks and execute. Impact This is an allowlist bypass in exec policy that can lead to command execution i...
Malicious code in demo-pipelinetest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cdbe67e8fa0e92aa8f588916bbaf7b0c041cd6613636172f671c1a6251df15e The package demo-pipelinetest was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @vk-cloud-billing/common is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in @vk-cloud-billing/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78b5a4d83fe25260e7b73b7d40a2d8827f8ebe841ace75e3f03140b4861eb836 The package @vk-cloud-billing/common was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1217 Malicious code in @vk-cloud-billing/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78b5a4d83fe25260e7b73b7d40a2d8827f8ebe841ace75e3f03140b4861eb836 The package @vk-cloud-billing/common was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview chai-as-confirmed is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in gaia-marionette (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81308c35c4cad5bf3f87f791133f9aff53485b715060135829785be1d33b2e1d The package gaia-marionette was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in pdfjs-dist-v5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5827ccd19d073818da31059d76a725b171d1fc793a4f2591ed0118a35b46c35 The package pdfjs-dist-v5 was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1206 Malicious code in polymarket-trade-bot-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1202bbcaa78670992217c3ebaa55bb6edc17c6cb454209114639b680032d068f The package polymarket-trade-bot-api was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview chai-as-mock is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in polymarket-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae3c186d214eb963243e619bc60d87eee8691ea9a502e437b5d4361f18e05893 The package polymarket-provider was found to contain malicious code. Source: ghsa-malware...
Malicious code in alpha-replicator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 813b40640376929ec6b2c1eac05da3cf3248e3ad74ea5f28ec2c6770a81b039d The package alpha-replicator was found to contain malicious code. Source: ghsa-malware 2a31df37c5505c0c72366c3a25757305201aa2db41da2a774157074244006a...
MAL-2026-1209 Malicious code in tailwindcss-form-bundler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a2a9c57883700b802e8a250afb6d3e95ef2ea31ab9a699b1bf339a9843fe430 The package tailwindcss-form-bundler was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview polygon-bitquery-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in mongoose-apis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8158b4b1cc5affba57a810926c5765a7af056b7e89cf2ce07da0615144bac920 The package mongoose-apis was found to contain malicious code. Source: ghsa-malware b967e890598bf7e59192b0eb97d1c9ef5d00f60f2730955e684e67b3acfe888f...
Malicious code in cloud-apis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d014766db57fb4d6cceffc9e45821e7c14135a358abdc4db25a0310538266699 The package cloud-apis was found to contain malicious code. Source: ghsa-malware 34de661e0892c5941755ca8d9db5fbcd64da940f5b21755f4b20862a758fe769 Any...
MAL-2026-1193 Malicious code in cloud-apis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d014766db57fb4d6cceffc9e45821e7c14135a358abdc4db25a0310538266699 The package cloud-apis was found to contain malicious code. Source: ghsa-malware 34de661e0892c5941755ca8d9db5fbcd64da940f5b21755f4b20862a758fe769 Any...
Malicious code in tailwindcss-forms-componentes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0825512b6509f2725c98e651bd2d86e9fd2fa6e488f9ee33a7cdcfbf30b1a73e The package tailwindcss-forms-componentes was found to contain malicious code. Source: ghsa-malware...