Malicious Package
Overview: suport-color is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: cloude is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
MAL-2026-952 Malicious code in claud-code (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 858992810c1a4133d95b6fa19033c07591db548a46df39b67e0d393d7dd212ad The package claud-code was found to contain malicious code. Source: ghsa-malware 5fe9842d778d45ad5b5e4d81db678d608711dd4b186e053569dae6f210481651 Any...
Malicious code in cloude-code (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ec24ba80068a14617a513915da6a3751b60345b9c1e9144a362c4b85abefdc6 The package cloude-code was found to contain malicious code. Source: ghsa-malware 8da7714f501eed0c20e3432333dc73d1707e7ef16a803df07b6d73fab1945be7 An...
MAL-2026-966 Malicious code in opencraw (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aaed661cc51e76234fc6cba7587b973903e00bbacd33da7114aeb726d957b577 The package opencraw was found to contain malicious code. Source: ghsa-malware 5bc39adf3939792f918a50cbc9a9952a11d950e361d83d5631449f20ad634945 Any...
CVE-2026-26996 vulnerabilities
Vulnerabilities for packages: npm, rancher-api-ui, opensearch-dashboards, prism, langfuse, renovate, eslint, saf, argo-workflows, pulumi, vitess, serve, node-gyp, kubeflow-pipelines, kubeflow-centraldashboard, code-server, lerna, sqlpad, tileserver-gl...
GHSA-3PPC-4F35-3M26 vulnerabilities
Vulnerabilities for packages: npm, rancher-api-ui, opensearch-dashboards, prism, langfuse, renovate, eslint, saf, argo-workflows, pulumi, vitess, serve, node-gyp, kubeflow-pipelines, kubeflow-centraldashboard, code-server, lerna, sqlpad, tileserver-gl...
GHSA-3PPC-4F35-3M26 vulnerabilities
Vulnerabilities for packages: langfuse, saf, argo-workflows, code-server, actions-runner, node-gyp, npm, langfuse-fips, tileserver-gl-fips, kubeflow-centraldashboard, sqlpad, opensearch-dashboards, foxx-cli, emscripten, prism, kubeflow-pipelines, redisinsight, opensearch-dashboards-fips, librecha...
CVE-2026-26996 vulnerabilities
Vulnerabilities for packages: langfuse, saf, argo-workflows, code-server, actions-runner, node-gyp, npm, langfuse-fips, tileserver-gl-fips, kubeflow-centraldashboard, sqlpad, opensearch-dashboards, foxx-cli, emscripten, prism, kubeflow-pipelines, redisinsight, opensearch-dashboards-fips, librecha...
osdlabel (=0.0.1) potentially affected by CVE-2026-27013 via fabric (=7.1.0)
fabric NPM version =7.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on fabric and may be impacted: osdlabel =0.0.1. Source CVEs: CVE-2026-27013. Source advisory: SNYK:JS-FABRIC-15317311...
10up-toolkit (>=6.0.0 <=6.5.1), @0ti.me/ts-test-deps (=0.2.0) +6570 more potentially affected by CVE-2026-26996 via minimatch (>=9.0.0 <=9.0.5)
minimatch NPM version =9.0.0, =6.0.0, =1.1.0-pre.1, =1.4.0, =9.1.0, =1.17.3-testing-284.48.0, =1.0.0, =1.1.6, =0.0.0-alpha.1aa37fb04f1f, =1.1.3, =1.0.6, =1.0.25 and more Source cves: CVE-2026-26996 Source advisory: OSV:GHSA-3PPC-4F35-3M26...
MAL-2026-945 Malicious code in ui5-cap-event-app-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 837e841e2b75385a4e7c030237983cfe52f91373ffa3e56859c7055ac0a80f4d The package ui5-cap-event-app-server was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in abcxyzz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b953a8183a1a7ba906c9117e8afe658b2606311b606d8b3ecad680076fc51e9 The package abcxyzz was found to contain malicious code. Source: ossf-package-analysis b22a45e3a267d5930d5e8dfdb52954bf049c7b63a9bdb0818e5daff1191e74...
OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions
Summary: When the Slack integration is enabled, Slack channel metadata topic/description could be incorporated into the model's system prompt. Impact: Prompt injection is a documented risk for LLM-driven systems. This issue increased the injection surface by allowing untrusted Slack channel metadat...
Malicious code in vds-monarch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9fc03a6a0feff43eef44ac91f0e9ce68c422a439528842f139bf1164366c66d The package vds-monarch was found to contain malicious code. Source: ghsa-malware 23d64f4764ccc88b26aa567b6d6828093fe8d35500ac67a19ced44828073dbf4 An...
Malicious code in realestate-ask (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc4db310e1c17bbf02575dc3a75ab56d4d38581001d31617c583443f7d88a126 The package realestate-ask was found to contain malicious code. Source: ghsa-malware 75a155e1870bd51f018f66476427d1da99c87cbbcab800c354dad13f76b67c3b...
Malicious code in compass-e2e-tests (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27a245065291bd7252411254769a1764aab8e228c8ca161708734a3d47d3c9ec The package compass-e2e-tests was found to contain malicious code. Source: ghsa-malware...
MAL-2026-922 Malicious code in compass-e2e-tests (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27a245065291bd7252411254769a1764aab8e228c8ca161708734a3d47d3c9ec The package compass-e2e-tests was found to contain malicious code. Source: ghsa-malware...
MAL-2026-919 Malicious code in mds-webcomponents (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b33015300fa18b6b3d2c2f1c0af0e77cbd9fa96c7af7befbe61a5422165824e package.json declares preinstall: node index.js, which runs automatically on every npm install. index.js collects os.homedir, os.hostname,...
Malicious code in @qualys/react-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c63e27e2c86203c152f6f7bfc30136a44d93bfbc84522fcf86ca97976511a59 The package @qualys/react-web was found to contain malicious code. Source: ossf-package-analysis...