Exploit for CVE-2025-66478

fix-react2shell-next One...

Exploit for CVE-2025-55182

🔍 Phoenix SCA Scanner - Universal - Version for CVE-2025-55182...

EUVD-1999-1168

Malware in sbrugna...

EUVD-2010-1154

Malware in sbrugna...

EUVD-2025-15407

Malicious code in bioql PyPI...

EUVD-2022-1409

Malicious code in bioql PyPI...

Malicious code in pnpm_prune_lockfile_v9 (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-47717 Malicious code in pnpm_prune_lockfile_v9 (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-47716 Malicious code in pnpm_prune_lockfile_v8 (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in pnpm_prune_lockfile_v8 (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in pnpm_lockfile_file_v9 (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-47715 Malicious code in pnpm_lockfile_file_v9 (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in pnpm_lockfile_file_v8 (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-47714 Malicious code in pnpm_lockfile_file_v8 (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious Package

Overview rushstack-lockfile-explorer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious code in rushstack-lockfile-explorer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00ab388958610beed90f3054ac980a3e187917b93ec99f6f75cbeeff5c3f5dbe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47021 Malicious code in rushstack-lockfile-explorer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00ab388958610beed90f3054ac980a3e187917b93ec99f6f75cbeeff5c3f5dbe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Incorrect Behavior Order

lockfile-lint-api is vulnerable to Incorrect Behavior Order. The vulnerability is due to early validation of the resolved attribute in package URLs, which can be bypassed by extending the package name, allowing attackers to install unintended npm packages...

CVE-2025-4759

Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by extending the package name allowing an attacker to install other npm packages than the intended one...

@adpt/testutils (>=0.1.0-next.1 <=0.4.0-next.6), @lavamoat/git-safe-dependencies (>=0.1.1 <=0.2.1) +6 more potentially affected by CVE-2025-4759 via lockfile-lint-api (>=1.0.7 <=5.9.1)

lockfile-lint-api NPM version =1.0.7, =0.1.0-next.1, =0.1.1, =1.0.0, =4.3.1-test1, =1.3.0, =1.0.1, =4.2.2, =4.3.1, =4.7.0 Source cves: CVE-2025-4759 Source advisory: OSV:GHSA-7CFR-5CJF-32P4...