Lucene search
K

122183 matches found

OSV
OSV
added yesterday8 views

ROOT-APP-NPM-CVE-2026-44288 CVE-2026-44288 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44288 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

5.3CVSS5.4AI score0.00301EPSS
Exploits0
OSV
OSV
added yesterday8 views

ROOT-APP-NPM-CVE-2025-69873 CVE-2025-69873 in @rootio/ajv - Patched by Root

Root has patched CVE-2025-69873 in the @rootio/ajv package for Root:npm. Multiple fixed versions available...

7.5CVSS5.5AI score0.00492EPSS
Exploits1
OSV
OSV
added 2 days ago3 views

ROOT-APP-NPM-CVE-2026-0000 CVE-2026-0000 in @rootio/react-leaflet-heatmap-layer - Patched by Root

Root has patched CVE-2026-0000 in the @rootio/react-leaflet-heatmap-layer package for Root:npm. Multiple fixed versions available...

5.8AI score
Exploits0
OSV
OSV
added 4 days ago3 views

MAL-2026-6698 Malicious code in cursed-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b6aab954f9b8edbc759c97eabe39d7a070c4dbe852586422761ad0f8c7ad95 [email protected] executes attacker-controlled code on three separate triggers and operates a bidirectional command channel against a hardcoded...

6AI score
Exploits0References19
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago5 views

Malicious code in ts-lint-builders-v2.1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fc4c23edadea0930347028a24b67219dad6d3cbc4ec0fe1f93e8954425107ad On npm install, the package's postinstall hook node test.js executes a multi-stage attack against the installer. 1 It recursively scans the current...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago5 views

Malicious code in ts-linting-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c719aef78218f6b59b9f209c41eff610782c86c2ced5aeabe288218ac3c4f880 On npm install, the package's postinstall script test.js invokes routines in index.js that recursively scan the current working directory and the...

6AI score
Exploits0References2
OSV
OSV
added 4 days ago6 views

MAL-2026-6677 Malicious code in ts-lint-builders-v2.1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fc4c23edadea0930347028a24b67219dad6d3cbc4ec0fe1f93e8954425107ad On npm install, the package's postinstall hook node test.js executes a multi-stage attack against the installer. 1 It recursively scans the current...

5.8AI score
Exploits0References2
OSV
OSV
added 4 days ago2 views

MAL-2026-6702 Malicious code in vue-demi-fix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bf683b6e8715fecd451a06da256d90048054cbe463da64e43c1a8db4226b661 vue-demi-fix is a name-confusion package against the widely used vue-demi library. package.json declares both preinstall and postinstall lifecycle...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in vue-demi-fix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bf683b6e8715fecd451a06da256d90048054cbe463da64e43c1a8db4226b661 vue-demi-fix is a name-confusion package against the widely used vue-demi library. package.json declares both preinstall and postinstall lifecycle...

5.8AI score
Exploits0References3
OSV
OSV
added 4 days ago6 views

ROOT-APP-NPM-GHSA-5C6J-R48X-RMVQ GHSA-5c6j-r48x-rmvq in @rootio/serialize-javascript - Patched by Root

Root has patched GHSA-5c6j-r48x-rmvq in the @rootio/serialize-javascript package for Root:npm. Multiple fixed versions available...

5.8AI score
Exploits0
OSV
OSV
added 4 days ago2 views

MAL-2026-6690 Malicious code in log-taker1 (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. log-taker1 embeds a full infostealer 2800 lines directly in index.js, executed at install time via postinstall: node test.js. The payload harvests cryptocurrency wallet vaults MetaMask, Phantom, Solflare,...

5.8AI score
Exploits0References2
OSV
OSV
added 4 days ago3 views

MAL-2026-6692 Malicious code in polymarket-trading-developer-tools (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-trading-developer-tools uses a dropper technique: a postinstall hook downloads configuration from pm-trading-dev-tools-be.vercel.app and exfiltrates data to the...

6AI score
Exploits0References3
OSV
OSV
added 5 days ago6 views

ROOT-APP-NPM-CVE-2023-45857 CVE-2023-45857 in @rootio/axios - Patched by Root

Root has patched CVE-2023-45857 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

6.5CVSS5.4AI score0.00556EPSS
Exploits1
OSV
OSV
added 5 days ago6 views

MAL-2026-6572 Malicious code in rebrandly-domains-digger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d1744d2a299b9ef0526f49b4b2297fcd6c72581c51a3359801db56318d8cfda The package declares a preinstall hook that runs node callback.js. On npm install, callback.js collects installer-side identifiers — os.hostname,...

5.8AI score
Exploits0References2
OSV
OSV
added 5 days ago4 views

MAL-2026-6573 Malicious code in rebrandly-domains-search-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d4464320c8530d582d35f85ce95045182d82e1dd63a830644bcb68f05bdf10e Package [email protected] is an empty module index.js exports an empty object whose package.json preinstall hook runs node...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago8 views

Malicious code in polymarket-clob-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d67023e54ba355e9c82fd2a05d2d2448657a3ea9415ff18d3c4669a9fc0afb42 [email protected] ships a postinstall lifecycle script that performs an install-time remote-code-execution drop. On npm install, the script...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added last week9 views

Malicious code in ts-ankle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...

5.8AI score
Exploits0References2
OSV
OSV
added last week10 views

MAL-2026-6548 Malicious code in ts-ankle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:13 p.m.7 views

Malicious code in @epsteinlovekids483/crossmint-wallets-sdk-pentest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e43e5a418541bb3e485010eba536ecc9f1483dba866af53ff4a760684409213 Package's main entry dist/index.cjs unconditionally requires dist/shai-hulud.js at module load. On require, the code harvests installer secrets —...

5.9AI score
Exploits0References9
OSV
OSV
added 2026/06/26 11:13 a.m.5 views

ROOT-APP-NPM-CVE-2026-2739 CVE-2026-2739 in @rootio/bn.js - Patched by Root

Root has patched CVE-2026-2739 in the @rootio/bn.js package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.00467EPSS
Exploits0
Rows per page
Query Builder