Lucene search
+L

1940 matches found

cgr
cgr
added 2 days ago9 views

CVE-2026-59871 vulnerabilities

Vulnerabilities for packages: npm...

7.5CVSS6.1AI score0.00358EPSS
Exploits1
ossf
ossf
added 2026/07/02 12:0 a.m.9 views

Malicious code in @marketfront/bannerpopup (npm)

The @marketfront/bannerpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6AI score
Exploits0References2
thn
thn
added 2026/06/26 11:5 a.m.6 views

Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem. "The latest activity includes malicious npm releas...

6.5AI score
Exploits0
ossf
ossf
added 2026/06/05 12:53 a.m.15 views

Malicious code in executable-stories-cypress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 838176fbbb9290f1ee55af50cd6e292d461f33565a675a6e965bbe50d3b6c3ec No concrete installer-harm evidence was identified in this version of executable-stories-cypress. No lifecycle hook payloads, hardcoded exfiltration...

6.1AI score
Exploits0References8
ossf
ossf
added 2026/06/05 12:53 a.m.15 views

Malicious code in eslint-plugin-executable-stories-playwright (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3b2b639cf616d5d975e12b917cfd679b4e247fce023e0b2bbf64b7a1482b596 No concrete installer-harm signals were identified in this package version. No lifecycle scripts, hardcoded network destinations, credential-path...

6AI score
Exploits0References4
osv
osv
added 2026/06/05 12:53 a.m.10 views

MAL-2026-5250 Malicious code in executable-stories-cypress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 838176fbbb9290f1ee55af50cd6e292d461f33565a675a6e965bbe50d3b6c3ec No concrete installer-harm evidence was identified in this version of executable-stories-cypress. No lifecycle hook payloads, hardcoded exfiltration...

6.2AI score
Exploits0References8
osv
osv
added 2026/06/05 12:53 a.m.20 views

MAL-2026-5230 Malicious code in autotel-subscribers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 374da77433b452664266e009188064316b6defdcb0ee4b7e391a158a0a5ca6bf No concrete installer-harm signals were identified in this version of autotel-subscribers. There is no observed lifecycle script fetching remote...

6.2AI score
Exploits0References31
vulnersosv
vulnersosv
added 2026/06/03 9:38 p.m.7 views

browserstack-tape-runner (>=1.0.0 <=3.0.0), duplo (>=1.6.11 <=1.9.1) +4 more potentially affected by CVE-2026-49144 via browserstack-runner (>=0.2.1 <=0.9.4)

browserstack-runner NPM version =0.2.1, =1.0.0, =1.6.11, =0.1.4, =0.1.1, =2.0.2 - run-browserstack-tests =1.0.2 - yasmf-localization =0.0.2 Source cves: CVE-2026-49144 Source advisory: OSV:GHSA-8RPW-6CQH-2V9H...

7.1CVSS5.4AI score0.00208EPSS
Exploits0
ossf
ossf
added 2026/06/01 8:0 a.m.17 views

Malicious code in @customer-threesixty/assets (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8AI score
Exploits0
ossf
ossf
added 2026/06/01 12:0 a.m.15 views

Malicious code in @redhat-cloud-services/patch-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
ossf
ossf
added 2026/06/01 12:0 a.m.18 views

Malicious code in @redhat-cloud-services/frontend-components-utilities (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
ossf
ossf
added 2026/06/01 12:0 a.m.13 views

Malicious code in @redhat-cloud-services/insights-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
ossf
ossf
added 2026/06/01 12:0 a.m.15 views

Malicious code in @redhat-cloud-services/frontend-components-translations (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
ossf
ossf
added 2026/06/01 12:0 a.m.15 views

Malicious code in @redhat-cloud-services/hcc-kessel-mcp (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
ossf
ossf
added 2026/06/01 12:0 a.m.16 views

Malicious code in @redhat-cloud-services/frontend-components-advisor-components (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
ossf
ossf
added 2026/06/01 12:0 a.m.14 views

Malicious code in @redhat-cloud-services/compliance-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
osv
osv
added 2026/06/01 12:0 a.m.17 views

MAL-2026-5145 Malicious code in @redhat-cloud-services/patch-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
osv
osv
added 2026/06/01 12:0 a.m.9 views

MAL-2026-5146 Malicious code in @redhat-cloud-services/remediations-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
osv
osv
added 2026/06/01 12:0 a.m.13 views

MAL-2026-5136 Malicious code in @redhat-cloud-services/frontend-components-notifications (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References3
osv
osv
added 2026/06/01 12:0 a.m.15 views

MAL-2026-5144 Malicious code in @redhat-cloud-services/notifications-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
Rows per page
Query Builder