CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•13 views

Malicious code in @antv/l7plot-component (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

OSV•added 2026/05/19 12:0 a.m.•7 views

MAL-2026-4047 Malicious code in @antv/l7-pass (npm)

OSV•added 2026/05/19 12:0 a.m.•7 views

MAL-2026-4151 Malicious code in relationship.js (npm)

OSV•added 2026/05/19 12:0 a.m.•8 views

MAL-2026-3980 Malicious code in @antv/g2plot (npm)

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•7 views

Malicious code in @antv/l7-renderer (npm)

OSV•added 2026/05/19 12:0 a.m.•5 views

MAL-2026-4126 Malicious code in ai-figure (npm)

OSV•added 2026/05/19 12:0 a.m.•5 views

MAL-2026-4113 Malicious code in @antv/x6-react-components (npm)

OSV•added 2026/05/19 12:0 a.m.•9 views

MAL-2026-3896 Malicious code in @antv/f2-site (npm)

OSV•added 2026/05/19 12:0 a.m.•5 views

MAL-2026-3854 Malicious code in @antv/ava-react (npm)

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•8 views

Malicious code in @antv/graphlib (npm)

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•13 views

Malicious code in @antv/l7-core (npm)

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•11 views

Malicious code in @antv/chart-visualization-skills (npm)

OSV•added 2026/05/19 12:0 a.m.•3 views

MAL-2026-4140 Malicious code in jest-less-loader (npm)

EUVD•added 2026/05/12 8:41 p.m.•10 views

EUVD-2026-29841

nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowednonwriteusers: $...

7.2CVSS5.8AI score0.00242EPSS

RedhatCVE•added 2026/04/27 7:23 p.m.•2 views

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

7.4CVSS5.4AI score0.00281EPSS

ATTACKERKB•added 2026/04/24 6:32 p.m.•5 views

CVE-2026-41414

7.4CVSS5.4AI score0.00281EPSS

Exploits1References3

CNNVD•added 2026/04/15 12:0 a.m.•5 views

OWASP BLT 安全漏洞

OWASP BLT is an open-source gamified crowdsourcing platform for testing and disclosing vulnerabilities. Versions of OWASP BLT prior to 2.1.1 contained security vulnerabilities. These vulnerabilities were caused by a remote code execution issue in the.github/workflows/regenerate-migrations.yml...

8.8CVSS6.6AI score0.00411EPSS

OSSF Malicious Packages•added 2026/03/24 11:15 a.m.•8 views

Malicious code in litellm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 6a89401cbf53902e8374fbf3b424a77bb5e5f8c437176232eab7c3237d10ecbe LiteLLM was compromised through trivy security scan in a GitHub workflow. Attackers uploaded malicious versions of LiteLLM to PyPI. The...