CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.5CVSS5.4AI score0.00024EPSS

SUSE-SU-2026:2324-1 Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences bsc1264715...

OSSF Malicious Packages•added 2 days ago•7 views

Malicious code in @doaction/wasm-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 118555cc138d5dbc40c11c385af69fa4c6c5caa2fc05e6b0b49c65cc69491a78 Package name and description advertise a 'WASM loader,' but the tarball ships no WebAssembly code. Instead, package.json declares "preinstall": "node...

5.6AI score

OSSF Malicious Packages•added 2 days ago•8 views

Malicious code in @doaction/mapstore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9692028d96015eee60ce05d38eac9bf0c6e51dd2153cea37cad4756e3b4b3de9 @doaction/[email protected] is published to the public npm registry under a sentinel-high version 99.99.99 with a pinned @doaction/shared: ^99.99.99...

5.4AI score

OSSF Malicious Packages•added 2 days ago•7 views

Malicious code in @doaction/http (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0558fc0fe6ab95434c0f041b1ed88e02039379e9052dbfd3e0faf35a8e8d5d5f Package version 9.9.9 is the canonical version-pinning marker used to outrank any private package during npm dependency resolution. The package...

5.6AI score

MAL-2026-5379 Malicious code in @doaction/storage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2555ac1fb49d2dac0108e398a6acffa2bffa1a86326db5fa384ed1232fdab89 Package @doaction/[email protected] is shaped as a dependency-confusion attack against the private-looking @doaction scope. The 99.99.99 sentinel...

5.5AI score

OSSF Malicious Packages•added 2 days ago•8 views

Malicious code in @doaction/shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector caba10985bd532eb067af52e175856a72552c9b9306895ea9fba9c1083277248 @doaction/[email protected] is a dependency-confusion lure that exfiltrates installer environment metadata on every npm install. package.json declares...

5.6AI score

OSSF Malicious Packages•added 2 days ago•6 views

Malicious code in @doaction/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f96ec00bc5ed7192c8483a1b27f2212ce64e5a86f1dc309b66d14ea969de00fb @doaction/[email protected] is shaped as a public-registry shadow of a private internal package: scoped name pattern, inflated 99.99.99 version, and a...

5.7AI score

Exploits0References2

OSSF Malicious Packages•added 2 days ago•7 views

Malicious code in @doaction/eventemitter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5221b351f74900764906fd20a62e5c3f390473ed87a1d4fb781e34d3ffd2f623 On npm install, package.json declares "preinstall": "node scripts/postinstall.js", and scripts/preinstall.js unconditionally executes...

5.7AI score

Exploits0References2

OSV•added 2 days ago•8 views

ROOT-APP-NPM-CVE-2026-42037 CVE-2026-42037 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42037 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.00096EPSS

Exploits1

ROOT-APP-NPM-CVE-2026-44496 CVE-2026-44496 in @rootio/axios - Patched by Root

Root has patched CVE-2026-44496 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

5.4AI score

9.8CVSS5.9AI score0.0005EPSS

ROOT-APP-NPM-CVE-2026-29045 CVE-2026-29045 in @rootio/hono - Patched by Root

Root has patched CVE-2026-29045 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00022EPSS

ROOT-APP-NPM-CVE-2026-44902 CVE-2026-44902 in @rootio/opentelemetry__sdk-node - Patched by Root

Root has patched CVE-2026-44902 in the @rootio/opentelemetrysdk-node package for Root:npm. Multiple fixed versions available...

OSV•added 2 days ago•7 views

ROOT-APP-NPM-CVE-2026-25896 CVE-2026-25896 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-25896 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

9.3CVSS5.3AI score0.0002EPSS

Exploits1

OSV•added 2 days ago•6 views

ROOT-APP-NPM-CVE-2026-45740 CVE-2026-45740 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-45740 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.00058EPSS

7.5CVSS5.8AI score0.00141EPSS

ROOT-APP-NPM-CVE-2026-44290 CVE-2026-44290 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44290 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

OSV•added 2 days ago•5 views

ROOT-APP-NPM-CVE-2026-44289 CVE-2026-44289 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44289 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00058EPSS

7.4CVSS6.6AI score0.00035EPSS

ROOT-APP-NPM-CVE-2026-33896 CVE-2026-33896 in @rootio/node-forge - Patched by Root

Root has patched CVE-2026-33896 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

Exploits1

7.5CVSS5.9AI score0.00038EPSS

ROOT-APP-NPM-CVE-2026-33894 CVE-2026-33894 in @rootio/node-forge - Patched by Root

Root has patched CVE-2026-33894 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

7.5CVSS5.9AI score0.00042EPSS

ROOT-APP-NPM-CVE-2026-33895 CVE-2026-33895 in @rootio/node-forge - Patched by Root

Root has patched CVE-2026-33895 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...