235235 matches found
Malicious code in n8n-nodes-mcputils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa6d921f2167545e1c8e1a4dfa9981a2b9ce2878b1406608d4673aadd00a761b The package poses as an n8n community node for MCP utility helpers but performs unrelated binary-dropper actions. The postinstall lifecycle script ru...
ROOT-APP-NPM-CVE-2016-20018 CVE-2016-20018 in @rootio/knex - Patched by Root
Root has patched CVE-2016-20018 in the @rootio/knex package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-27977 CVE-2026-27977 in @rootio/next - Patched by Root
Root has patched CVE-2026-27977 in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44005 CVE-2026-44005 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-44005 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-24118 CVE-2026-24118 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-24118 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-5079 CVE-2026-5079 in @rootio/multer - Patched by Root
Root has patched CVE-2026-5079 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2021-44906 CVE-2021-44906 in @rootio/minimist - Patched by Root
Root has patched CVE-2021-44906 in the @rootio/minimist package for Root:npm. Multiple fixed versions available...
Malicious code in clavuepro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97a9e3cf794eb2bc8d9ebb4bab007a52bf9fc1ed9dbc3db19695542503ec253e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in clavue (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ffc14d0e15af336ff2709e543272d2386d767fe185b380c5f2c2baeb78c3cbf The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
CVE-2026-55849 @cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized `--workspace` Argument
@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npmexecpath is unset or empty, allowing arbitrary OS command execution with the privileg...
MAL-2026-7024 Malicious code in none123s (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c28e7ef260830adb9561488c487960b12e00bd6939daf8ed8e3a239ec9530699 package.json declares a prepare lifecycle script node index.js || true that auto-executes on npm install. index.js reads canonical installer-secret...
Malicious code in crypto-promiser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25594e7865a7525aebefd2f1fcc8060f144bf202b1986875e1cfd95564f66e88 [email protected] is a typosquat of the legitimate crypto-promise package that ships a dropper in its lifecycle scripts. The declared postinstall...
Malicious code in vps-new-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3a87c3a5996e3d81f13922de94c19e39af1be7c9b6920fc9ade4f43edd838b7 The package's main entry dist/index.js re-exports createServerAdapter from./server/index.js, causing that module to evaluate on any require/import of...
Malicious code in visa-cli-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0e8f566e285de1eec2c3cae07b0faaa8828080a4e1fed7e76e1fe43dfa571ec Package presents as an internal-looking corporate tooling name 'visa-cli-tools' published at an inflated version 99.9.1 — the canonical...
CVE-2026-15033
Technical details (affected product/version, root cause, exploit details, or remediation) are not publicly provided in the supplied documents; monitor for updates.
MAL-2026-6973 Malicious code in gitlens (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c60743ac7b975c729e8ff8bd5310f71fce030efc3979f419f60e129921364ae7 package.json declares a preinstall lifecycle hook that runs curl https://bt8hbz0owdan31qvdap2u5b8izoqcg05.oastify.com on npm install. oastify.com is...
ROOT-APP-NPM-CVE-2026-42037 CVE-2026-42037 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42037 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
MAL-2026-6967 Malicious code in nam-os-a-man (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a483a2ae78f1f6f7d3d4da1ab74cc189f29564e002299f09c19e0d3eb41e40aa The package declares a postinstall hook that runs index.js on npm install. index.js collects the installer's OS username os.userInfo.username, hostna...
MAL-2026-6969 Malicious code in vite-json-pwa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f9204782dfa050ba762ce8c8a35c01e9f7b1e8bf82e140854d182f9614080b6 [email protected] impersonates the legitimate vite-plugin-pwa package author metadata claims 'inna voik' while funding/homepage point at the real...
MAL-2026-6956 Malicious code in rio-design-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed72d8256a1831ef61f01d101c9b9de21db822516cb3b61d1fffd1ef7b3bb0c7 [email protected] is a dependency-confusion attack package. package.json declares preinstall: node index.js, so npm install auto-executes...