MAL-2026-3058 Malicious code in @clearpool/table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79bdf65c3193663ec05f4281e94765c2106a6a5ce8bd9860a4cfcbaab419f0c9 The package @clearpool/table was found to contain malicious code. Source: ghsa-malware 34f072d9880102a7b4495043aa1155a43587246ae13f1974b107df2bbe4760...

MAL-2026-3056 Malicious code in @clearpool/comms (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f79c0a598ffe54e6eba22b90afd0c9bbb902c3086178c2ea2a9227e002e399d The package @clearpool/comms was found to contain malicious code. Source: ghsa-malware aac3d8fce06f495311a581ee9a8f6acf42b7ea35162b9a3387ad6040adfef4...

MAL-2026-3049 Malicious code in classlink (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2915556b569ee5a4e890ea4178a61836ed8799f93a30fb0ac5e30cc37a41ede The package classlink was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3080 Malicious code in frank-bot-gogle-cloning (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44bf385867bdd18d9634c115e9e423146f198038e6fdb1d6dca9c95743f3af4b The package frank-bot-gogle-cloning was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @ozon-complt/antibot-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d2b2c8d66cf69cda5e16765e70a8c3615ecfc57baa6a283228bab60dcc337dc The package @ozon-complt/antibot-handler was found to contain malicious code. Source: ghsa-malware...

NPM: OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy

NPM: OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +15 more potentially affected by CVE-2026-45000 via openclaw (>=2026.3.22 <=2026.4.12)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.8 and more Source cves: CVE-2026-45000 Source advisory: SNYK:JS-OPENCLAW-16298043...

NPM: OpenClaw: Paired-device pairing actions were not limited to the caller device

NPM: OpenClaw: Paired-device pairing actions were not limited to the caller device vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

NPM: OpenClaw: Hook mapping templates could bypass hook session-key opt-in

NPM: OpenClaw: Hook mapping templates could bypass hook session-key opt-in vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

MAL-2026-3062 Malicious code in @google-pay-trust/cancelled (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b7b08b4a3e94724e2b15686c111c5633ab73daf6f54dbcc7b758b91cfa3797a The package @google-pay-trust/cancelled was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3054 Malicious code in @apple-pay-trust/start (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92fc55ea349311a75b2010e08e3c5bc6ad5498bf7f0ed78d942231a42ca46f8d The package @apple-pay-trust/start was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3063 Malicious code in @google-pay-trust/finish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd69ccad4854f078fe0d815a4f14a1b8ef69fd62704fbf4be49710a2c3926b2 The package @google-pay-trust/finish was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3039 Malicious code in process-app-task (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e9459ef3208e8a07fbb99a80ce6bc5f0a6b9c6511da51241bac7c034632b7e1 The package process-app-task was found to contain malicious code. Source: ghsa-malware e03db779eee12801bb79b31d14cb5519f499b54a039c4428b125a23c26a652...

Malicious code in @tw-utils/static (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8060c32aabe89eb22a82291f64a25a65a01040bd6aa838ea676e7f500a25f70d The package @tw-utils/static was found to contain malicious code. Source: ghsa-malware 60a80ead8b8afa898624fa960ac7edaf112ac7b55a89001fc4c066971c2c4c...

Malicious code in uipath-ui-widgets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa9d3ca9b9ac28cb9fe47c84a695d8905ac59aacc352dfe23dfe6bf85464c481 The package uipath-ui-widgets was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3082 Malicious code in kl-b2c-ui-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e32dd1450d1b5670388a4fbf71a7189cff326aa1c7734ee6ea1c89614438c516 The package kl-b2c-ui-kit was found to contain malicious code. Source: ghsa-malware c42673f7cabe65ad288149a7f75426fea7054327c8f73ac59d07e6b60a64b3db...

Malicious code in kl-b2c-ui-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e32dd1450d1b5670388a4fbf71a7189cff326aa1c7734ee6ea1c89614438c516 The package kl-b2c-ui-kit was found to contain malicious code. Source: ghsa-malware c42673f7cabe65ad288149a7f75426fea7054327c8f73ac59d07e6b60a64b3db...

MAL-2026-3068 Malicious code in @sbt_gitverse/analytics-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2858d6765b337bc72b69faaa1a64e528931e8230756aa8a1d5ab4e58793357a The package @sbtgitverse/analytics-client was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3033 Malicious code in tether-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3a15feaa501454125206345e0e802667759555738db7b1a1ee9ad5dc6b0098a The package tether-base was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3079 Malicious code in axis-ui-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 898e7e6953d0a1f5efd906c36d9a6c798f0dce58017ac54df6e1b09bd26dd6d1 The package axis-ui-generator was found to contain malicious code. Source: ossf-package-analysis...