Lucene search
+L

235235 matches found

ossf
ossf
added 2026/07/09 11:54 a.m.10 views

Malicious code in n8n-nodes-mcputils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa6d921f2167545e1c8e1a4dfa9981a2b9ce2878b1406608d4673aadd00a761b The package poses as an n8n community node for MCP utility helpers but performs unrelated binary-dropper actions. The postinstall lifecycle script ru...

5.9AI score
Exploits0References2
osv
osv
added 2026/07/09 10:56 a.m.7 views

ROOT-APP-NPM-CVE-2016-20018 CVE-2016-20018 in @rootio/knex - Patched by Root

Root has patched CVE-2016-20018 in the @rootio/knex package for Root:npm. Multiple fixed versions available...

7.5CVSS8.3AI score0.00847EPSS
Exploits1
osv
osv
added 2026/07/09 10:41 a.m.8 views

ROOT-APP-NPM-CVE-2026-27977 CVE-2026-27977 in @rootio/next - Patched by Root

Root has patched CVE-2026-27977 in the @rootio/next package for Root:npm. Multiple fixed versions available...

5.4CVSS5.2AI score0.00171EPSS
Exploits1
osv
osv
added 2026/07/09 10:21 a.m.11 views

ROOT-APP-NPM-CVE-2026-44005 CVE-2026-44005 in @rootio/vm2 - Patched by Root

Root has patched CVE-2026-44005 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

10CVSS6AI score0.00842EPSS
Exploits1
osv
osv
added 2026/07/09 10:21 a.m.14 views

ROOT-APP-NPM-CVE-2026-24118 CVE-2026-24118 in @rootio/vm2 - Patched by Root

Root has patched CVE-2026-24118 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

9.8CVSS6AI score0.00917EPSS
Exploits1
osv
osv
added 2026/07/09 6:57 a.m.7 views

ROOT-APP-NPM-CVE-2026-5079 CVE-2026-5079 in @rootio/multer - Patched by Root

Root has patched CVE-2026-5079 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00278EPSS
Exploits0
osv
osv
added 2026/07/09 6:35 a.m.5 views

ROOT-APP-NPM-CVE-2021-44906 CVE-2021-44906 in @rootio/minimist - Patched by Root

Root has patched CVE-2021-44906 in the @rootio/minimist package for Root:npm. Multiple fixed versions available...

9.8CVSS8.2AI score0.04581EPSS
Exploits1
ossf
ossf
added 2026/07/09 5:53 a.m.8 views

Malicious code in clavuepro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97a9e3cf794eb2bc8d9ebb4bab007a52bf9fc1ed9dbc3db19695542503ec253e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
ossf
ossf
added 2026/07/09 5:53 a.m.9 views

Malicious code in clavue (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ffc14d0e15af336ff2709e543272d2386d767fe185b380c5f2c2baeb78c3cbf The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
osv
osv
added 2026/07/08 9:10 p.m.2 views

CVE-2026-55849 @cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized `--workspace` Argument

@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npmexecpath is unset or empty, allowing arbitrary OS command execution with the privileg...

8.5CVSS6.3AI score0.0016EPSS
Exploits0References6
osv
osv
added 2026/07/08 6:51 p.m.3 views

MAL-2026-7024 Malicious code in none123s (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c28e7ef260830adb9561488c487960b12e00bd6939daf8ed8e3a239ec9530699 package.json declares a prepare lifecycle script node index.js || true that auto-executes on npm install. index.js reads canonical installer-secret...

6.1AI score
Exploits0References18
ossf
ossf
added 2026/07/08 5:31 p.m.10 views

Malicious code in crypto-promiser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25594e7865a7525aebefd2f1fcc8060f144bf202b1986875e1cfd95564f66e88 [email protected] is a typosquat of the legitimate crypto-promise package that ships a dropper in its lifecycle scripts. The declared postinstall...

6.6AI score
Exploits0References3
ossf
ossf
added 2026/07/08 5:31 p.m.8 views

Malicious code in vps-new-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3a87c3a5996e3d81f13922de94c19e39af1be7c9b6920fc9ade4f43edd838b7 The package's main entry dist/index.js re-exports createServerAdapter from./server/index.js, causing that module to evaluate on any require/import of...

6.1AI score
Exploits0References3
ossf
ossf
added 2026/07/08 4:24 p.m.11 views

Malicious code in visa-cli-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0e8f566e285de1eec2c3cae07b0faaa8828080a4e1fed7e76e1fe43dfa571ec Package presents as an internal-looking corporate tooling name 'visa-cli-tools' published at an inflated version 99.9.1 — the canonical...

6.2AI score
Exploits0References2
cve
cve
added 2026/07/08 1:15 p.m.10 views

CVE-2026-15033

Technical details (affected product/version, root cause, exploit details, or remediation) are not publicly provided in the supplied documents; monitor for updates.

6.5CVSS6.3AI score0.01067EPSS
Exploits0References6
osv
osv
added 2026/07/08 9:21 a.m.8 views

MAL-2026-6973 Malicious code in gitlens (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c60743ac7b975c729e8ff8bd5310f71fce030efc3979f419f60e129921364ae7 package.json declares a preinstall lifecycle hook that runs curl https://bt8hbz0owdan31qvdap2u5b8izoqcg05.oastify.com on npm install. oastify.com is...

6.5AI score
Exploits0References3
osv
osv
added 2026/07/08 8:58 a.m.15 views

ROOT-APP-NPM-CVE-2026-42037 CVE-2026-42037 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42037 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.0024EPSS
Exploits1
osv
osv
added 2026/07/08 8:26 a.m.7 views

MAL-2026-6967 Malicious code in nam-os-a-man (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a483a2ae78f1f6f7d3d4da1ab74cc189f29564e002299f09c19e0d3eb41e40aa The package declares a postinstall hook that runs index.js on npm install. index.js collects the installer's OS username os.userInfo.username, hostna...

6.1AI score
Exploits0References2
osv
osv
added 2026/07/08 8:21 a.m.8 views

MAL-2026-6969 Malicious code in vite-json-pwa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f9204782dfa050ba762ce8c8a35c01e9f7b1e8bf82e140854d182f9614080b6 [email protected] impersonates the legitimate vite-plugin-pwa package author metadata claims 'inna voik' while funding/homepage point at the real...

6.3AI score
Exploits0References3
osv
osv
added 2026/07/08 12:20 a.m.7 views

MAL-2026-6956 Malicious code in rio-design-tokens (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed72d8256a1831ef61f01d101c9b9de21db822516cb3b61d1fffd1ef7b3bb0c7 [email protected] is a dependency-confusion attack package. package.json declares preinstall: node index.js, so npm install auto-executes...

6.1AI score
Exploits0References3
Rows per page
Query Builder