Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

219 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 3 days ago6 views

Malicious code in @vpms/design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ce5813fba2660b094a3e8a5c5a0bf2f1972530c294830c0a2e3d15dcd1b096 package.json declares preinstall="node index.js". On every npm install, index.js iterates process.env and harvests any variable whose name contains...

5.9AI score
Exploits0References4
OSV
OSVadded 2026/06/10 6:22 p.m.8 views

MAL-2026-5523 Malicious code in @orion-design-system/foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7fdf1bb78d6c3750adffa854f5f08c7f2fd7af6166f7234aa5cbf4974a1375 The package's npm preinstall lifecycle script runs an inline node -e payload that collects the installer's hostname os.hostname and OS username...

5.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/10 6:22 p.m.10 views

Malicious code in @orion-design-system/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd5d007da2de0a07fc1a0d999cccbf71a748627c82c9b2000d161eb248a5a0f package.json declares a preinstall hook that runs an inline node -e script reading os.hostname and os.userInfo.username and transmitting them via HTT...

5.4AI score
Exploits0References4
OSV
OSVadded 2026/06/10 6:22 p.m.11 views

MAL-2026-5522 Malicious code in @orion-design-system/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd5d007da2de0a07fc1a0d999cccbf71a748627c82c9b2000d161eb248a5a0f package.json declares a preinstall hook that runs an inline node -e script reading os.hostname and os.userInfo.username and transmitting them via HTT...

5.4AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/10 6:21 p.m.10 views

Malicious code in @orion-design-system/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4218505b74ba258cea12df713bbc27db9fa58d6660cf83e6d0c5fd8a9f68a4c2 package.json declares a preinstall script that runs on every npm install. The script uses node -e to require os and https, reads os.hostname and...

5.4AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/09 5:34 p.m.8 views

Malicious code in morningstar-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18591ac1a5cb5ca3d11e07bde38f230dccc530bb4614d45f9be1f547677a2c9e On npm install, the package's preinstall lifecycle script runs wget against a hardcoded bare-IP HTTP endpoint, passing the output of id, pwd, hostnam...

5.6AI score
Exploits0References3
vulnersOsv
vulnersOsvadded 2026/06/04 2:55 p.m.5 views

@agent-native/core (>=0.26.5 <=0.28.5), @intlayer/backend (=8.7.0-canary.0) +6 more potentially affected by CVE-2026-45337 via better-auth (>=1.6.0 <=1.6.10)

better-auth NPM version =1.6.0, =0.26.5, =0.0.33, =0.2.0, =1.6.0, =0.1.2, =0.2.0 Source cves: CVE-2026-45337 Source advisory: SNYK:JS-BETTERAUTH-17173857...

5.5AI score0.00017EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/22 1:40 p.m.10 views

Malicious code in @cloudways-lab/unified-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 23c4eddec5f89631d3d39c35763cf38b69ab7d8e0e4cd2cb66097eda0a2ed68f The OpenSSF Package Analysis project identified '@cloudways-lab/unified-design-system' @ 99.9.1 npm as malicious. It is considered malicious...

5.8AI score
Exploits0
vulnersOsv
vulnersOsvadded 2026/05/18 9:0 p.m.4 views

@baloise/design-system-components (>=0.0.0 <=15.2.4), @baloise/design-system-components-angular (>=0.0.0 <=15.2.4) +33 more potentially affected by unknown CVE via filesize.js (=2.0.0)

filesize.js NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on filesize.js and may be impacted: - @baloise/design-system-components =0.0.0, =0.0.0, =0.0.0, =0.0.0-nightly-20230817143308, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0,...

5.5AI score
Exploits0
vulnersOsv
vulnersOsvadded 2026/05/18 9:0 p.m.6 views

@baloise/design-system-components (>=0.0.0 <=15.2.4), @baloise/design-system-components-angular (>=0.0.0 <=15.2.4) +33 more potentially affected by unknown CVE via filesize.js (=2.0.0)

filesize.js NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on filesize.js and may be impacted: - @baloise/design-system-components =0.0.0, =0.0.0, =0.0.0, =0.0.0-nightly-20230817143308, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0,...

5.5AI score
Exploits0
OSV
OSVadded 2026/05/13 2:46 a.m.7 views

MAL-2026-3653 Malicious code in @design-system-coopeuch/web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a871445c3913d747a2f1383bcfdac02d6dec26ddb2053260340284cf4ee02233 Package @design-system-coopeuch/[email protected] is a dependency-confusion squat of an internal-looking scope, published at an inflated 999.x version to...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/13 2:46 a.m.15 views

Malicious code in @design-system-coopeuch/web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a871445c3913d747a2f1383bcfdac02d6dec26ddb2053260340284cf4ee02233 Package @design-system-coopeuch/[email protected] is a dependency-confusion squat of an internal-looking scope, published at an inflated 999.x version to...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/08 10:46 p.m.9 views

Malicious code in oneblk-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f46bbc3e155a30851463f65a3f9d5af33ebd5172df5ad70f7b022a77448fc6eb The package oneblk-design-system was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
OSV
OSVadded 2026/05/08 10:46 p.m.10 views

MAL-2026-3421 Malicious code in oneblk-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f46bbc3e155a30851463f65a3f9d5af33ebd5172df5ad70f7b022a77448fc6eb The package oneblk-design-system was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKBadded 2026/05/01 9:0 p.m.5 views

CVE-2026-7596

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

5.3CVSS4AI score0.00377EPSS
Exploits0References6Affected Software1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/04/13 3:25 p.m.4 views

Malicious code in experian-design-system-themes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e90ccd6c3568a7aef645cab8ed450ccd3a6161c82b6e9ba03eab795510e35847 The package experian-design-system-themes was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/03/18 12:44 p.m.6 views

Malicious code in components-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca129c441caef97d904867f91617f53799650e2f2deef3f531a3a18dfc917efa The package components-design-system was found to contain malicious code...

5.8AI score
Exploits0
OSV
OSVadded 2026/03/18 12:44 p.m.7 views

MAL-2026-1696 Malicious code in components-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca129c441caef97d904867f91617f53799650e2f2deef3f531a3a18dfc917efa The package components-design-system was found to contain malicious code...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/03/17 6:15 a.m.4 views

Malicious code in navi-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d7c20b1a93d0713a7cd64e5937906dc8db43fe90795827cedac30fc64031c68 The package navi-design-system was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
OSV
OSVadded 2026/03/17 6:15 a.m.3 views

MAL-2026-1494 Malicious code in navi-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d7c20b1a93d0713a7cd64e5937906dc8db43fe90795827cedac30fc64031c68 The package navi-design-system was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
Rows per page
Query Builder