Lucene search
K

29912 matches found

Snyk
Snyk
added 2026/05/21 9:0 p.m.9 views

Embedded Malicious Code

Overview @tiledesk/tiledesk-server is a The Tiledesk server module Affected versions of this package are vulnerable to Embedded Malicious Code part of the "Megalodon" campaign that orchestrated a massive supply-chain attack, pushing malicious commits to 5,561 GitHub repositories within a six-hour...

9.8CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/21 8:45 p.m.4 views

GHSA-Q2F7-M237-V562 @hulumi/policies: GitHub OIDC trust policy bypass via AWS set-qualified condition operators

Impact: @hulumi/policies versions before 1.3.2 only checked exact AWS IAM StringLike/StringEquals condition operator keys in GOIDC1. Set-qualified operators such as ForAnyValue:StringLike could hide wildcard GitHub Actions OIDC sub conditions from the mandatory guardrail. Patched in 1.3.2: the AW...

9.3CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/21 8:45 p.m.19 views

@hulumi/policies: GitHub OIDC trust policy bypass via AWS set-qualified condition operators

Impact: @hulumi/policies versions before 1.3.2 only checked exact AWS IAM StringLike/StringEquals condition operator keys in GOIDC1. Set-qualified operators such as ForAnyValue:StringLike could hide wildcard GitHub Actions OIDC sub conditions from the mandatory guardrail. Patched in 1.3.2: the AW...

5.8AI score
Exploits0References2Affected Software1
Wolfi
Wolfi
added 2026/05/21 7:48 p.m.18 views

GHSA-FW88-PF9M-P947 vulnerabilities

Vulnerabilities for packages: wildfly...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/05/21 7:18 p.m.8 views

GHSA-FW88-PF9M-P947 vulnerabilities

Vulnerabilities for packages: wildfly...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/05/21 7:18 p.m.12 views

GHSA-3X3V-W654-M28M vulnerabilities

Vulnerabilities for packages: wildfly...

5.8AI score
Exploits0
Circl
Circl
added 2026/05/21 5:14 p.m.13 views

CVE-2026-46490

creationtimestamp| type| source ---|---|--- 2026-05-21 17:14:07+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-34r5-q4jw-r36m 2026-06-16 12:08:10+00:00| seen| https://bsky.app/profile/cyberowi.pl/post/3mofr6ky2jf22...

8.8CVSS5.8AI score0.00383EPSS
Exploits2References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 3:9 p.m.14 views

Malicious code in utils-mf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d338ea2a5c454a5a0352e6fb29bd940027bc4b8c349649f6356c4fc4f396272 Package metadata advertises 'utility mf' with main 'index.js', but the shipped main is a 15.7MB obfuscator.io-style blob preceded by 8MB of...

5.9AI score
Exploits0References5
OSV
OSV
added 2026/05/21 3:9 p.m.9 views

MAL-2026-4699 Malicious code in utils-mf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d338ea2a5c454a5a0352e6fb29bd940027bc4b8c349649f6356c4fc4f396272 Package metadata advertises 'utility mf' with main 'index.js', but the shipped main is a 15.7MB obfuscator.io-style blob preceded by 8MB of...

5.9AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 2:20 p.m.10 views

Malicious code in @vino.tian/vibe-kanban (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f1533bb7e55b1bcd10291aa9f19e2a5cbe5755a7a6a7343d38fbd3ff8064a1f This package is published as @vino.tian/vibe-kanban and copies its README, name, and feature description from BloopAI's legitimate vibe-kanban projec...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/05/21 2:20 p.m.8 views

MAL-2026-4462 Malicious code in @vino.tian/vibe-kanban (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f1533bb7e55b1bcd10291aa9f19e2a5cbe5755a7a6a7343d38fbd3ff8064a1f This package is published as @vino.tian/vibe-kanban and copies its README, name, and feature description from BloopAI's legitimate vibe-kanban projec...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 1:49 p.m.11 views

Malicious code in @lokuma/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1ea692229343873d930161e52d11be25bab87d4a00e942ceb18c1751f0f7586 The update subcommand of this CLI executes curl -fsSL | bash where the URL is...

6AI score
Exploits0References1
OSV
OSV
added 2026/05/21 1:49 p.m.18 views

MAL-2026-4405 Malicious code in @lokuma/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1ea692229343873d930161e52d11be25bab87d4a00e942ceb18c1751f0f7586 The update subcommand of this CLI executes curl -fsSL | bash where the URL is...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 12:43 p.m.11 views

Malicious code in autoheal-dev-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e0f114cd638df1be1f2262e1b05dbe726cee5600a10be6d67be8ac8e1089f3d autoheal-dev-cli is a setup wizard bin/setup.js that, when run, performs three installer-harm actions against the developer running it: 1...

5.9AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 11:27 a.m.10 views

Malicious code in @autoheal/setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a8b8b7d51e8865d048583893b08ad3d3d95a8371963b82adc6bf4b7938fe4c1 When the user runs this setup wizard, bin/setup.js posts the user's GitHub Personal Access Token scope repo,user:email, GitHub repo name, branch,...

6AI score
Exploits0References1
OSV
OSV
added 2026/05/21 11:27 a.m.11 views

MAL-2026-4366 Malicious code in @autoheal/setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a8b8b7d51e8865d048583893b08ad3d3d95a8371963b82adc6bf4b7938fe4c1 When the user runs this setup wizard, bin/setup.js posts the user's GitHub Personal Access Token scope repo,user:email, GitHub repo name, branch,...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 9:13 a.m.11 views

Malicious code in @hanssoft/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3f83fb38a98b69c322df069a26c495101aa35682df8f83641b00e2ce40a99bd This package is a fork of the WhatsApp library Baileys whose metadata homepage, repository, author points at the upstream @whiskeysockets/baileys,...

5.9AI score
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2026/05/21 9:0 a.m.14 views

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations...

5.8AI score
Exploits0
Circl
Circl
added 2026/05/21 8:50 a.m.6 views

CVE-2026-48154

creationtimestamp| type| source ---|---|--- 2026-05-21 08:50:03+00:00| published-proof-of-concept| https://github.com/pilinux/gorest/security/advisories/GHSA-cpwg-x64r-rgwg...

5.8AI score0.00051EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 8:19 a.m.13 views

Malicious code in @budetzz/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2dbcccc761971dfc5f844f59f362fe32ee1e0b9a3cd91ddd4fc87be5c8b013a The package is published under the name @budetzz/libsignal-node, impersonating the well-known libsignal Signal-protocol library, but the homepage and...

5.9AI score
Exploits0References1
Rows per page
Query Builder