CVE-2026-7094

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteernavigate. Executing a manipulation of the argument url can lead t...

MAL-2026-5077 Malicious code in puppeteer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abb5e0ca28fe73f218eea4bcbf584520cc1618dbc617326c9036f4de5b9a85c9 Withdrawn Advisory This advisory has been withdrawn because the malicious package detection was a false positive. This link is maintained to preserve...

Malicious code in puppeteer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9032a522708cf49b925eaee77c313e16ee097040af91a2a9c86e16a957a183e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in puppeteer-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 280757b24c4ec5428a205e302200508a0438aa8f51e0a6ad95dbd3728f6a4db1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3655 Malicious code in puppeteer-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2dcc6d8c6bf0f2ba6f88f7a1867847e37d8e5acb1d3e5e51aca7e2e431d02931 Withdrawn Advisory This advisory has been withdrawn because the malicious package detection was a false positive. This link is maintained to preserve...

Malicious code in @puppeteer/browsers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76482d9b1a887d0692b8dd6aab8071a8d96388a065c1e512999107e4c4e9cd54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3654 Malicious code in @puppeteer/browsers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a28ea47c2f5a0ac44e0059f5b5f7f0595f6f3d54da32a45478e3fb0b76e7a605 Withdrawn Advisory This advisory has been withdrawn because the malicious package detection was a false positive. This link is maintained to preserve...

CVE-2026-7094

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteernavigate. Executing a manipulation of the argument url can lead t...

CVE-2026-7094 ShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgery

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteernavigate. Executing a manipulation of the argument url can lead t...

CVE-2026-7094

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteernavigate. Executing a manipulation of the argument url can lead t...

CVE-2026-7094 ShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgery

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteernavigate. Executing a manipulation of the argument url can lead t...

CVE-2026-7094

ShadowCloneLabs GlutamateMCPServers contains a server-side request forgery via puppeteer_navigate (src/puppeteer/index.ts). Manipulating the argument url can trigger SSRF from remote, with no disclosed patch version. CVSS estimates range from 4.0 to 3.0/3.1 depending on vector, all indicating med...

Glutamate MCP Servers 代码问题漏洞

Glutamate MCP Servers are a set of model context protocol servers open-sourced by ShadowCloneLabs. There is a code vulnerability present in Glutamate MCP Servers, which stems from improper handling of parameters in the src/puppeteer/index.ts file within the puppeteernavigate component. This...

PT-2026-35362

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteer navigate. Executing a manipulation of the argument url can lead ...

Puppeteer Renderer - Directory Traversal

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server. id: CVE-2024-36527 info: name: Puppeteer Renderer - Directory Traversal author: Stux severity: medium...

EUVD-2025-176892

Malicious code in puppeteer-prettier-stylelint-cluster-delphinus npm...

Malicious code in csv-puppeteer-phoenix-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 374bf3eeca6aa7f97f05cedd4268ceca21f16e8c36c450cb4fa2c17ac2ffd1ab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-178453

Malicious code in ignite-puppeteer-procyon-vortex npm...

EUVD-2025-177104

Malicious code in polaris-wasat-grunt-puppeteer npm...

EUVD-2025-179120

Malicious code in entanglement-tachyon-puppeteer-cressida npm...