Lucene search
K

9118 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in express-deflect (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 284d3f4c5f55f69391b1172ba9d2c714e3ae358a2c92a501049a1495547e1588 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in chai-spycore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbb99516f251bbd13baae5273239a6a04acefea76ddf1a7b06f4b5a328339dae Package republishes the chai-spies Chai plugin source verbatim including original author header under the near-identical name chai-spycore...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in twcompose-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096d151917a14021013de8dbd595466944a677be49ee8ca4b3ed94de63d85cd9 The package's main entry point src/index.js contains heavily obfuscated JavaScript at line 138 using a classic string-array shuffle pattern while!!...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in competion (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7977f7cd8dcf35f17c8745de465b35f920055be22dbb883dda7abf2e978ef0e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 6 days ago3 views

MAL-2026-6894 Malicious code in tracing-str (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466143b5f195d4924e2227921a288954ecec9ed34d52af8ff433056f5ff56903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in tracing-str (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466143b5f195d4924e2227921a288954ecec9ed34d52af8ff433056f5ff56903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in sleek-pretty (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba44435dd6e0686c11ff8a9e27c60eef2f2fbdbcdbd0c3936d1f07cc78d38090 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in pretty-pino-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8a3122c1ab14fbe9f5eb55c0b5ba1db0c7b8e47ecc4d935b758d6bf679821e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSV
OSV
added 6 days ago5 views

MAL-2026-6867 Malicious code in pretty-pino-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8a3122c1ab14fbe9f5eb55c0b5ba1db0c7b8e47ecc4d935b758d6bf679821e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in pino-pretty-logs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7864fcfe92b62b2ddc003e696cbe02d18e0979f4336bff4cc9352f318b260fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in bootstrap-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ac4913fc1ffcabe1ed6637abc6d532abc014683f48b341ece6127a51da15d8 The package's index.js is heavily obfuscated with classic string-array shuffling patterns e.g., while!! loops with repeated 'shift' calls and...

6AI score
Exploits0References2
OSV
OSV
added 6 days ago5 views

MAL-2026-6816 Malicious code in emojiprint-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6cbf02130e84c5829369887b3e109fbf7ad94e2fbf4b4b2ca82c28f0059a7ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago4 views

Malicious code in rollup-plugin-polyfill-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fcd05581537eece4993579cb664215a82b87dad2bdb03cae7ba998ba092a79d Package name mimics the rollup-plugin- ecosystem but exposes no Rollup plugin API. Its exported functions getPlugin, setPlugin, and getPluginExten ea...

6.6AI score
Exploits0References3
OSV
OSV
added 6 days ago7 views

MAL-2026-6825 Malicious code in react-next-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a7b3360c09fca3400981d3d0d4c5e8a72c8193e0841c5d2eceb193a08fc440e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago5 views

Malicious code in mongoose-lean-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 540ace1cb8bc936ea953554a9ffc28203370f82cb5e5a7dfbf1454bf0e834b9a On require'mongoose-lean-hooks', the package's main entry index.js runs a top-level async IIFE that issues an HTTP GET to...

6.5AI score
Exploits0References5
NVD
NVD
added 2026/07/04 2:16 a.m.9 views

CVE-2025-71380

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...

8.8CVSS0.00413EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.42 views

CVE-2025-71380 n8n - Arbitrary Command Execution via Execute Command Node

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...

8.8CVSS0.00413EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/04 1:23 a.m.12 views

EUVD-2025-210426

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.11 views

CVE-2025-71380

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References3
CVE
CVE
added 2026/07/04 1:23 a.m.28 views

CVE-2025-71380

CVE-2025-71380 : The n8n Execute Command node is vulnerable to arbitrary command execution by authenticated users on the host running n8n. The issue allows user- or credential-compromised attackers to run commands that could exfiltrate data, disrupt services, or fully compromise the host. Concret...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References2
Rows per page
Query Builder