CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Malicious code in nw-demo-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0c784f9f2bc00678e2648cce9c110ad5084c595b42f80e086bc8dbfbe034359 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

NVD•added yesterday•4 views

CVE-2025-71330

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to...

8.7CVSS

OSV•added yesterday•2 views

MAL-2026-5504 Malicious code in @easytipsportal/pos-adapters (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b3beea7d832b4efd2ebc9c3a8eb2ffe1507564985414f7cf399abbd8fc55bc6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in argoncrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94563f3221aa73ae8a4de5195a6f6a3e8cef16eb4c1f03bc8d1adc9ce9b72679 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in npmjs_web3-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b691e4c1a13cf8174fdf8653d757594f18057650310bc89e376caa806602d3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in solc-abi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a5ecbb6619ae13314417faab35b315155c9a55f98dfdb707fe44edfe1f7e7356 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added yesterday•2 views

MAL-2026-5509 Malicious code in npmjs_truffle-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25fbc74fbe261cc7bba8c1f9005f7b7573aff1240a5ac8bbf831a3ce8a7c23e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in solc-compiler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6db07dc6d910303b81dcfab09279484fcfa83409addff755a29d58b1d0dff495 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD•added yesterday•3 views

EUVD-2025-210106

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS5.8AI score

Cvelist•added yesterday•20 views

CVE-2025-71329 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

8.7CVSS

Vulnrichment•added yesterday•3 views

CVE-2025-71330 image-size 2.0.2 Denial of Service via Malformed ICNS Image Parsing

8.7CVSS5.8AI score

Malicious code in graphbase-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bcdb883b3cbdcf4216f99f55d52d1b93db24271ddcf4a1e232f444a75709f76a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @validator-sdk/pubkey (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24ee16f71bbbbfbdf360c506e6ee4a19e6c60c374b8f30a3d2e255217ee96afb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added yesterday•4 views

MAL-2026-5498 Malicious code in @validator-sdk/pubkey (npm)

OSV•added yesterday•3 views

MAL-2026-5497 Malicious code in @validate-sdk/v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e93b483fd9338717a984d2e695d44a5497cb4b2d1a91c0eabc160fbc6d6cd7aa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added yesterday•4 views

MAL-2026-5501 Malicious code in ethers-jss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 56bf62c882d62bbb9bacc402f0f25f48e12b878ff454eda013fed56dc61db42e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added yesterday•8 views

ROOT-APP-NPM-CVE-2026-42043 CVE-2026-42043 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42043 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.2CVSS5.8AI score0.00026EPSS

Exploits1

OSV•added yesterday•9 views

ROOT-APP-NPM-CVE-2026-42039 CVE-2026-42039 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42039 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00031EPSS

Exploits1

OSSF Malicious Packages•added yesterday•4 views

Malicious code in @builder.io/dev-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 670a0957692786d7cd690da1c51472380e131ceb1149cf37e265a8549ad5339b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added yesterday•3 views

MAL-2026-5493 Malicious code in @builder.io/dev-tools (npm)