Lucene search
K

4 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:33 p.m.9 views

Malicious code in mcp-server-github (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 156761c4bd0e22759f082d7c030c241be12301dced1e58943c17aaacf9fe0958 Package squats the unscoped name mcp-server-github to intercept installs intended for the official @modelcontextprotocol/server-github. package.json...

5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/09 8:33 p.m.10 views

MAL-2026-5479 Malicious code in mcp-server-github (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 156761c4bd0e22759f082d7c030c241be12301dced1e58943c17aaacf9fe0958 Package squats the unscoped name mcp-server-github to intercept installs intended for the official @modelcontextprotocol/server-github. package.json...

5.4AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 12:47 a.m.8 views

CVE-2022-31527

The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.01118EPSS
Exploits1References1
Node.js
Node.js
added 2019/10/15 5:44 p.m.15 views

Denial of Service

Overview Versions of express-fileupload prior to 1.1.6-alpha.6 are vulnerable to Denial of Service. The package causes server responses to be delayed up to 30s in internal testing if the request contains a large filename of . characters. Recommendation Upgrade to version 1.1.6-alpha.6 or later...

6.8AI score
Exploits0Affected Software1
Rows per page
Query Builder