Lucene search
+L

235245 matches found

OSV
OSV
added 4 days ago7 views

ROOT-APP-NPM-CVE-2025-64718 CVE-2025-64718 in @rootio/js-yaml - Patched by Root

Root has patched CVE-2025-64718 in the @rootio/js-yaml package for Root:npm. Multiple fixed versions available...

5.3CVSS5.4AI score0.00414EPSS
Exploits0
OSV
OSV
added 4 days ago5 views

ROOT-APP-NPM-CVE-2026-27606 CVE-2026-27606 in @rootio/rollup - Patched by Root

Root has patched CVE-2026-27606 in the @rootio/rollup package for Root:npm. Multiple fixed versions available...

9.8CVSS5.9AI score0.01402EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago8 views

Malicious code in @akshajrawat/plugin-repo-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 596ef9a9a6888c00110ee80e3633052ed89887a8465e9a5eaa824a81e5211e46 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago27 views

Malicious code in @cw-ui/asio-neon-themes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dcd2366d31cefc8f66861e0e65c782a88c46dc9232d11d463a9fa2869c73dcaa On npm install, postinstall.js reads os.hostname and embeds it as a query parameter in a plain-HTTP GET to a bare IPv4 address...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago9 views

Malicious code in sight-bind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 398788014436c7e95df3045f9b32398c3de46b8c9275c0437e44bda1dcb6cc00 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 4 days ago4 views

MAL-2026-10568 Malicious code in sync-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37fba87304c3a7ede2f03b87c89b49a3fb9b7f201befbaf79312da2cce65abc4 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago8 views

Malicious code in sync-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37fba87304c3a7ede2f03b87c89b49a3fb9b7f201befbaf79312da2cce65abc4 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 4 days ago5 views

MAL-2026-10566 Malicious code in sight-bind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 398788014436c7e95df3045f9b32398c3de46b8c9275c0437e44bda1dcb6cc00 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 4 days ago4 views

MAL-2026-10521 Malicious code in @flcik/flick.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d31c087b34f156cf2b5ae7070222a57e2d760d68f9c4c73721c2800eb7b6bf62 @flcik/[email protected] replicates the discord.js public API surface FlickClient, GatewayIntentBits, SlashCommandBuilder, ButtonStyle, MessageFlags, th...

6.1AI score
Exploits0References10
OSV
OSV
added 4 days ago4 views

MAL-2026-10522 Malicious code in flick-test-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67f05e70375ac31032fb4fc3abf302d1c1122bf01504f810aa74d9fe59066d36 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 5 days ago6 views

MAL-2026-10515 Malicious code in nodemon-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3f5aa35dd34f3c1d075d6ebee3f25a0445780f6f2c78d55a958868e530fe315 nodemon-web copies the source of the popular nodemon package verbatim and reuses Remy Sharp's author metadata and the...

6.1AI score
Exploits0References2
OSV
OSV
added 5 days ago7 views

MAL-2026-10491 Malicious code in assertcoreutils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e53b085bfe045b4aeabe9ad77e1066ab0883f27304197377681191c3118b780 assertcoreutils impersonates the popular chai assertion library: the README, the chai keyword, the lib/chai/ directory layout, and lib/chai.js are...

6.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago7 views

Malicious code in @dervix/engine.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 118dd8f5224b1dcccddf25d74c6c9fe3543b444173ea293dafa28154e82689d5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago10 views

Malicious code in @dervix/socket.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c299d96dca6144eec3e8be8770c98430139e9b6b982762da448ef50b7bde06a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References8
OSV
OSV
added 5 days ago5 views

MAL-2026-10475 Malicious code in @dervix/socket.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c299d96dca6144eec3e8be8770c98430139e9b6b982762da448ef50b7bde06a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in nodemon-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf8b1d5b3dd215c6c8d726b73ad11fbb29e7285da9a7e88854552931f750d437 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago9 views

Malicious code in @oliviamcdaniel12/safer-buffer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55129478b44191f3a4bb3308036567d5e2eb1a73084511b424917b6b5f7bf50f Package impersonates the popular safer-buffer module. On require, safer.js reads a PID from Porting-Buffer.md and, if that process is not alive, spaw...

6.1AI score
Exploits0References3
OSV
OSV
added 5 days ago4 views

MAL-2026-10431 Malicious code in @tailwind-ts/eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8feb6293e6f7cb00a6c6ab82e6d04f8eae29e846ae0abb8a1d65e2cdfbbc9c7 Package is published as an ESLint plugin for Tailwind CSS v4, but the shipped code implements unrelated Polymarket Kelly stake math and a postinstall...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago10 views

Malicious code in jsonfb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fc07bf73ed684a1d555baa4dc6cadcd170bde4da4779ef62c0dd3f9cf02c99a Package [email protected] is presented as a JSON.parse bigint helper mimicking json-bigint, and re-using the real json-bigint maintainer's name in...

6.1AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in tipsen-poc-again (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0977477bc81c656f52fb981657983580b411dda6d2c6766ba4d6a35fe4ae970 package.json declares its sole runtime dependency safe-chain-test as an HTTPS tarball URL pointing at a trycloudflare.com quick-tunnel host...

6.3AI score
Exploits0References2
Rows per page
Query Builder