234641 matches found
Malicious code in @corpweb-ui/wmkt-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfd12ddf708e12b032513bcf667e459df772f642106507d1798d95ee81f6cbe2 index.js uses childprocess to execute whoami and gather hostname information, then transmits results via https.get to api.telegram.org/bot — a...
@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +12 more potentially affected by CVE-2026-41341 via openclaw (>=2026.3.22 <=2026.3.28)
openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-41341 Source advisory: SNYK:JS-OPENCLAW-15893694...
GHSA-CQGW-44WG-44RF OpenClaw: Discord voice manager bypasses channel-level member access allowlist
Summary Discord voice manager bypasses channel-level member access allowlist Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: v2026.3.28 still accepts Discord voice ingress before channel allowlist authorization, and main-only gating means this remains a real...
@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +12 more potentially affected by CVE-2026-41378 via openclaw (>=2026.3.22 <=2026.3.28)
openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-41378 Source advisory: SNYK:JS-OPENCLAW-15894771...
GHSA-6P8R-6M93-557F OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting
Summary Fake DeviceToken Bypasses Shared Auth Rate Limiting Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Real in shipped mixed WS auth flow, but practical risk is mostly weak shared-password deployments since strong shared tokens remain non-bruteforceable...
GHSA-58Q2-7R52-JQ62 OpenClaw: Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read
Summary Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read Current Maintainer Triage - Normalized severity: medium - Assessment: v2026.3.28 ACP dispatch still reads attachment paths outside the guarded attachment-cache or root checks, and the...
Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks...
GHSA-MHGQ-XPFQ-6R66 OpenClaw: Unauthenticated plugin-auth HTTP routes receive operator runtime scopes
Summary Unauthenticated plugin-auth HTTP routes receive operator runtime scopes Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still gives auth:"plugin" routes operator WRITESCOPE, but impact should stay limited to plugin routes that actually tou...
Axios npm Supply Chain Incident Impacting @usebruno/cli
Impact This is a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan RAT. Users of @usebruno/cli who ran npm install between 00:21 UTC and 03:30 UTC on March 31, 2026 may have been...
Malicious code in expreeeess (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f655863438463b445574f12a5195c9635704e2158556ae437ee3a71c2e083d6b The package expreeeess was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2439 Malicious code in expeewas (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bcb3aafc860058ba4e9a64c6fa7dba85b7df72d68971ef7c673245e4ac02820f The package expeewas was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in expeewas (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bcb3aafc860058ba4e9a64c6fa7dba85b7df72d68971ef7c673245e4ac02820f The package expeewas was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in pro-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 508e68df7788049a51c684d3038db25fb043a5dda88579108c5eb49eacbfff95 The package pro-express was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2445 Malicious code in pro-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 508e68df7788049a51c684d3038db25fb043a5dda88579108c5eb49eacbfff95 The package pro-express was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2441 Malicious code in expirs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86105842d926ee95e61ae8adf0d4506cbc55c9510189208ee33d511806f2c5ef The package expirs was found to contain malicious code. Source: ossf-package-analysis d82cf6807fa6c011a17d3f4e8bf8af1e3e935a3d79ab1420356fd87d3f2567d...
MAL-2026-2437 Malicious code in exaprse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6cac7f3a62099b4980a3948c78a3a231085dece3eac1d5ca3aa0bc3b0d102e5 The package exaprse was found to contain malicious code. Source: ossf-package-analysis e6b772ab3336f1923332b7f4042b5daa8ea5fdef08b605e35f6410c40f6a25...
Malicious code in exszpe3szs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67f15551a64777edf23687b4e056220380ac9501b76e432e33f9d93f5aecf2d3 The package exszpe3szs was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2435 Malicious code in 4xperss (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6de1a8af1dbe21de2e06785a6a5e41a438f356fe440c8b121b808975ef95f5fe The package 4xperss was found to contain malicious code. Source: ossf-package-analysis d8cb27dbe58e29571ce6b777903222af9497b79676e8301021d03f159c5d77...
Malicious code in 4exepreds (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 713fcab117c3d896c25c79498daded14d2b7d69baecb99c233703f421caaca26 The package 4exepreds was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2434 Malicious code in 4exepreds (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 713fcab117c3d896c25c79498daded14d2b7d69baecb99c233703f421caaca26 The package 4exepreds was found to contain malicious code. Source: ossf-package-analysis...