@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.3.31)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-OPENCLAW-15443481...

Malicious code in passport-nightwatch-sedna-karma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 590d2c8ef0713d21221fbae7ee5e08dbd5bc8bb6d9956061ea4aba71ab61dc4e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-122634

Malicious code in request-callisto-apex-passport npm...

EUVD-2022-6420

Malicious code in bioql PyPI...

Malicious code in kastra-tachyon-andromeda-passport (npm)

The package kastra-tachyon-andromeda-passport was found to contain malicious code...

MAL-2025-37952 Malicious code in ursa-global-passport-markdown-pdf (npm)

The package ursa-global-passport-markdown-pdf was found to contain malicious code...

CVE-2022-25896

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed...

CVE-2022-25896

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed...

UBUNTU-CVE-2022-25896

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed...

Code injection

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed...

CVE-2022-25896 Session Fixation

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed...

Session Fixation

Overview passport is a Simple, unobtrusive authentication for Node.js. Affected versions of this package are vulnerable to Session Fixation. When a user logs in or logs out, the session is regenerated instead of being closed. Remediation Upgrade passport to version 0.6.0 or higher. References -...