budibase (>=0.0.3 <=0.0.31) potentially affected by CVE-2026-45715 via @budibase/server (>=0.0.1 <=0.0.9)

@budibase/server NPM version =0.0.1, =0.0.3, =0.0.31 Source cves: CVE-2026-45715 Source advisory: OSV:GHSA-FGQV-JH4G-PVG2...

NPM: Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation

NPM: Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation vulnerability discovered by ? in WordPress Npm better-auth versions 1.4.17...

GHSA-27W2-87XV-37C6 nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

Impact A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a TaggedSigned with a signature field whose byte length is not exactly 64. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches...

nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

Impact A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a TaggedSigned with a signature field whose byte length is not exactly 64. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches...

MAL-2026-3802 Malicious code in @datatrain/passenger-v3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ff70d96169a200be30c83b3e37506f7abf2f377ed1d6dec8005269d98b58104 The package @datatrain/passenger-v3 was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in dowload_ebok_como_leer_el_futbol_by_ruud_gullit_8qd97 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60192fdff4e24c7d8a8a8feebf26b8aa9408dacbc59475649335e0efc03969f6 The package dowloadebokcomoleerelfutbolbyruudgullit8qd97 was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3797 Malicious code in dowload_ebok_stalking_jack_the_ripper_by_kerri_maniscalco_james_patterson_b529t (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1486e8a5f17dfc7a56252ff489f714a2ab7a0befd20da59b43d93d31f8587149 The package dowloadebokstalkingjacktheripperbykerrimaniscalcojamespattersonb529t was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3796 Malicious code in dowload_ebok_los_enemigos_del_comercio_by_antonio_escohotado_6t2l4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ecb449c7c0f418834fbc3e22c6d061ef50d4d6bdbb1e40d19fb85023be2be5f The package dowloadeboklosenemigosdelcomerciobyantonioescohotado6t2l4 was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3795 Malicious code in dowload_ebok_como_leer_el_futbol_by_ruud_gullit_8qd97 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60192fdff4e24c7d8a8a8feebf26b8aa9408dacbc59475649335e0efc03969f6 The package dowloadebokcomoleerelfutbolbyruudgullit8qd97 was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3799 Malicious code in dowload_ebok_the_testament_of_solomon_by_king_solomon_frederick_cornwallis_conybeare_5201c (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b33d6c492e4871ad2384480820ba9bbefb5a987a0675139c6358cc58e645fd95 The package dowloadebokthetestamentofsolomonbykingsolomonfrederickcornwallisconybeare5201c was found to contain malicious code. Source: ghsa-malware...

Malicious code in jenkins-for-jira (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8cad9f892c0d9dc4daa1424ece0fdaaeb28938252726be668e5880537046533 The package jenkins-for-jira was found to contain malicious code. Source: ghsa-malware 1f7a28558fe9fa734ff5ef86a48965f24b37790a53a4ec35ca344e548d3818...

MAL-2026-3782 Malicious code in atlassian-marathon-asset-pipeline (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d32d9c71cf7460230bdc7da7e9c9cddc9618a5ca53a66adde25fb5a3e588418 The package atlassian-marathon-asset-pipeline was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3786 Malicious code in browser-interaction-time-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1f501a0eb27e6959abc3bfd105408bdbd74a0f0e1f97bb22ee881dbd5d9dac6 The package browser-interaction-time-utils was found to contain malicious code. Source: ghsa-malware...

Malicious code in browser-interaction-time-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a76de4d97b4cff539b3c8793eae793a10581fc4379395a8d2528ab85eb098bd5 The package browser-interaction-time-demo was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview jenkins-for-jira is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-3785 Malicious code in browser-interaction-time-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a76de4d97b4cff539b3c8793eae793a10581fc4379395a8d2528ab85eb098bd5 The package browser-interaction-time-demo was found to contain malicious code. Source: ghsa-malware...

Malicious code in jenkins-forge-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1752ae807c1ded3c735b8ab75a4119f00de67627fbd4a8802331d487b5e2c229 The package jenkins-forge-utils was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview jenkins-forge-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-3791 Malicious code in json-pretty-logs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83ea0ffb681b10da082feb66c76e0db908a8ee31cd9b064edca6c41a90a38a87 The package json-pretty-logs was found to contain malicious code. Source: ghsa-malware b86537d3e254ff943b2ca179cb5501c1a02900d518482640d73d0a9892797a...

Malicious Package

Overview babel-6-compatibility-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...