136589 matches found
NPM: OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy
NPM: OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
NPM: OpenClaw: Paired-device pairing actions were not limited to the caller device
NPM: OpenClaw: Paired-device pairing actions were not limited to the caller device vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
NPM: OpenClaw: Hook mapping templates could bypass hook session-key opt-in
NPM: OpenClaw: Hook mapping templates could bypass hook session-key opt-in vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
MAL-2026-3063 Malicious code in @google-pay-trust/finish (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd69ccad4854f078fe0d815a4f14a1b8ef69fd62704fbf4be49710a2c3926b2 The package @google-pay-trust/finish was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3039 Malicious code in process-app-task (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e9459ef3208e8a07fbb99a80ce6bc5f0a6b9c6511da51241bac7c034632b7e1 The package process-app-task was found to contain malicious code. Source: ghsa-malware e03db779eee12801bb79b31d14cb5519f499b54a039c4428b125a23c26a652...
MAL-2026-3033 Malicious code in tether-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3a15feaa501454125206345e0e802667759555738db7b1a1ee9ad5dc6b0098a The package tether-base was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3079 Malicious code in axis-ui-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 898e7e6953d0a1f5efd906c36d9a6c798f0dce58017ac54df6e1b09bd26dd6d1 The package axis-ui-generator was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in axis-abc-portal-menu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84dbd03fbc7970d1f3fc987743f698a9ea6a0af44ea2b89d0f2c1cbaa397f933 The package axis-abc-portal-menu was found to contain malicious code. Source: ossf-package-analysis...
NPM: simple-git is vulnerable to Remote Code Execution
NPM: simple-git is vulnerable to Remote Code Execution vulnerability discovered by ? in WordPress Npm simple-git versions 3.36.0...
MAL-2026-3024 Malicious code in auth0-ui-components-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e0d97624d1290690782d9c5e369ea2df5642da13ce61f091ea686ff4af38ce1 The package auth0-ui-components-docs was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3026 Malicious code in sagat-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b9e0a31b6bceddf90e920c8c6eb6313c822ca883c8daaa6905c5d8835fb8220 The package sagat-core was found to contain malicious code. Source: ghsa-malware cd038a03954f5c3c52c0f68ddfd36cbd9746f905131c22fa2089a72f8929be62 Any...
Malicious code in lightspark-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d15821a0ef5e30ecb40a14a3e49568a342a372835b2f8b6dbf868217547bcce6 The package lightspark-js was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @bitwarden/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6fb2336936a86f37fc2018f8e68dc9989ffc3e79aa23297bf470de178201f50 The package @bitwarden/cli was found to contain malicious code. Source: ghsa-malware 8a8c7958926d5ec3795102e9114dfaa649ae3160afb9159ec2c46f044018b776...
Malicious code in json-spacer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49ca906e0f0d7b5884d939ad398cc8367cad887c10533eb833b6f043e5368bfd The package json-spacer was found to contain malicious code. Source: ghsa-malware 04db81abcbf28276b2cb30a860e8decbc485699a1db9ea9557e0595e5f86be82 An...
Malicious code in json-dec (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de1db9ce26e4c5f4788ebbf809fede48364dd0741a8f4d0aa5580fac4b199f59 The package json-dec was found to contain malicious code. Source: ghsa-malware ad7f787412af0259dfcb2bcbb7429600fcb3c8a92510c70699961455caddd9ad Any...
MAL-2026-3004 Malicious code in @nklkas/hyperliquid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc648f0f62878455b1b388282a720ca552dad5cf17d8545393cb7f57fdbfdab The package @nklkas/hyperliquid was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @nklkas/hyperliquid is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in changelog-cli-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98a1e229322241da9d146f6aad5c96de566b2707088406fd7de40cbb69445023 The package changelog-cli-logger was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview separadordeinfocc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview undicy-http is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...