183751 matches found
Netmask NPM Package - Server-Side Request Forgery
Netmask NPM Package is susceptible to server-side request forgery because of improper input validation of octal strings in netmask npm package. This allows unauthenticated remote attackers to perform indeterminate SSRF, remote file inclusion, and local file inclusion attacks on many of the...
npm ansi_up v4 - Cross-Site Scripting
npm package ansiup v4 is vulnerable to cross-site scripting because ANSI escape codes can be used to create HTML hyperlinks. id: CVE-2021-3377 info: name: npm ansiup v4 - Cross-Site Scripting author: geeknik severity: medium description: npm package ansiup v4 is vulnerable to cross-site scripting...
Malicious code in polymarket-clob-math (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d67023e54ba355e9c82fd2a05d2d2448657a3ea9415ff18d3c4669a9fc0afb42 [email protected] ships a postinstall lifecycle script that performs an install-time remote-code-execution drop. On npm install, the script...
Malicious code in ts-ankle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...
MAL-2026-6548 Malicious code in ts-ankle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...
Malicious code in crossmint-wallets-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd4caebfba35b43bf10f156fe687f455e95b09a514b8644fe1a900b63f1bf78a Package name impersonates the Crossmint wallet SDK family. Both preinstall.js and index.js import childprocess, capture host identifiers hostname is...
Malicious code in react-dynammic-table-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d47aff9bb18dcd61350fa86e19d97ddee5ee7c5bdf7f0adea4a685e89d58fa4f [email protected] declares a preinstall lifecycle script node dist/setup.js that runs automatically on npm install. The script...
Malicious code in @epsteinlovekids483/crossmint-wallets-sdk-pentest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e43e5a418541bb3e485010eba536ecc9f1483dba866af53ff4a760684409213 Package's main entry dist/index.cjs unconditionally requires dist/shai-hulud.js at module load. On require, the code harvests installer secrets —...
ROOT-APP-NPM-CVE-2026-44488 CVE-2026-44488 in @rootio/axios - Patched by Root
Root has patched CVE-2026-44488 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-42044 CVE-2026-42044 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42044 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44486 CVE-2026-44486 in @rootio/axios - Patched by Root
Root has patched CVE-2026-44486 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-25639 CVE-2026-25639 in @rootio/axios - Patched by Root
Root has patched CVE-2026-25639 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-42042 CVE-2026-42042 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42042 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-62718 CVE-2025-62718 in @rootio/axios - Patched by Root
Root has patched CVE-2025-62718 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44494 CVE-2026-44494 in @rootio/axios - Patched by Root
Root has patched CVE-2026-44494 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-22036 CVE-2026-22036 in @rootio/undici - Patched by Root
Root has patched CVE-2026-22036 in the @rootio/undici package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-1525 CVE-2026-1525 in @rootio/undici - Patched by Root
Root has patched CVE-2026-1525 in the @rootio/undici package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-12151 CVE-2026-12151 in @rootio/undici - Patched by Root
Root has patched CVE-2026-12151 in the @rootio/undici package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-66031 CVE-2025-66031 in @rootio/node-forge - Patched by Root
Root has patched CVE-2025-66031 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-33896 CVE-2026-33896 in @rootio/node-forge - Patched by Root
Root has patched CVE-2026-33896 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...