MAL-2026-3267 Malicious code in @bcs-bank-react-ui/swiper-slider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc6cabd59042f5fc22327d81efedc2ed1926f8f9457d124906fde72fbf65d46 The package @bcs-bank-react-ui/swiper-slider was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview @bcs-bank-react-ui/swiper-slider is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to remote code execution (CVE-2026-27212)

Summary Node.js module swipper is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in Node.js...

Exploit for Prototype Pollution in Swiperjs Swiper

-PoC-CVE-2026-27212-Swiper-Auth-Bypass CVE-2026-27212 is a vu...

CVE-2026-27212

Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf function is used to check whether user provided...

CVE-2026-27212

Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf function is used to check whether user provided...

CVE-2026-27212

CVE-2026-27212 affects the npm package swiper (versions 6.5.1 through 12.1.1). The vulnerability is a prototype pollution in shared/utils.mjs where indexOf() checks input against forbidden strings; crafted input can pollute Object.prototype via Array.prototype, despite a prior mitigation. This ca...

CVE-2026-27212 Swiper has a Prototype Pollution Vulnerability

Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf function is used to check whether user provided...

CVE-2026-27212 Swiper has a Prototype Pollution Vulnerability

Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf function is used to check whether user provided...

CVE-2026-27212

Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf function is used to check whether user provided...

CVE-2026-27212 Swiper has a Prototype Pollution Vulnerability

Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf function is used to check whether user provided...

Swiper 安全漏洞

Swiper is a free mobile touch slider developed by Vladimir Kharlampidi. It is designed for mobile websites, mobile web applications, and native mobile applications. Versions of Swiper from 6.5.1 to 12.1.1 contain security vulnerabilities. These vulnerabilities stem from prototype pollution, which...

Prototype Pollution

Overview swiper is a Most modern mobile touch slider and framework with hardware accelerated transitions Affected versions of this package are vulnerable to Prototype Pollution via the extendDefaults function. An attacker can modify the prototype of global objects by supplying crafted input,...

Prototype Pollution

Overview org.webjars.npm:swiper is a Most modern mobile touch slider and framework with hardware accelerated transitions Affected versions of this package are vulnerable to Prototype Pollution via the extendDefaults function. An attacker can modify the prototype of global objects by supplying...

GHSA-HMX5-QPQ5-P643 Prototype pollution in swiper

Summary A prototype pollution vulnerability exists in the the npm package swiper =6.5.1, -1; let obj = ; var maliciouspayload = '"proto":"polluted":"yes"'; console.log.polluted; swiper.default.extendDefaultsJSON.parsemaliciouspayload; console.log.polluted; // prints yes - indicating that the patc...

Prototype pollution in swiper

Summary A prototype pollution vulnerability exists in the the npm package swiper =6.5.1, -1; let obj = ; var maliciouspayload = '"proto":"polluted":"yes"'; console.log.polluted; swiper.default.extendDefaultsJSON.parsemaliciouspayload; console.log.polluted; // prints yes - indicating that the patc...

PT-2026-21358

Name of the Vulnerable Software and Affected Versions Swiper versions 6.5.1 through 12.1.1 Description Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. A prototype pollution issue exists in the shared/utils.mjs file, specifically at line 94, wher...

CVE-2024-39853

adolphdudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-39000

adolphdudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

EUVD-2025-199314

Malicious code in @fishingbooker/react-swiper npm...