8381 matches found
databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +3 more potentially affected by CVE-2026-2734 via mlflow (>=3.0.0rc2 <=3.0.1)
mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =0.2.0.dev0, =0.6.7, =0.8.1 Source cves: CVE-2026-2734 Source advisory: SNYK:PYTHON-MLFLOW-16787326...
Malicious code in auth0-templates-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bc0f40b778be080e2a14dd0097ab772565cc570f5fd471f10e883f259be2db6 Package name 'auth0-templates-scripts' impersonates the Auth0 Okta brand without affiliation. The author field is the placeholder 'OpenSource...
MAL-2026-4489 Malicious code in auth0-templates-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bc0f40b778be080e2a14dd0097ab772565cc570f5fd471f10e883f259be2db6 Package name 'auth0-templates-scripts' impersonates the Auth0 Okta brand without affiliation. The author field is the placeholder 'OpenSource...
org.apache.camel.kafkaconnector:camel-cxf-kafka-connector (>=3.18.1 <=3.21.0), org.apache.camel.kafkaconnector:camel-cxfrs-kafka-connector (>=3.18.1 <=4.14.5) +16 more potentially affected by CVE-2026-47323 via org.apache.camel:camel-cxf-rest (>=3.18.0 <=4.14.5)
org.apache.camel:camel-cxf-rest MAVEN version =3.18.0, =3.18.1, =3.18.1, =3.18.1, =3.18.1, =4.10.3, =3.18.0, =4.10.3, =4.10.7, =3.18.0, =3.18.0, =8.0.1.R2023-08-RT, =8.0.1.R2023-08-RT, =8.0.1.R2023-08-RT, =8.0.1.R2024-05-RT - org.talend.esb.locator.service:locator-soap-service =$%7Brevision%7D an...
org.glassfish.main.admingui:admingui (>=7.0.0 <=9.0.0-M1), org.glassfish.main.admingui:console-cluster-plugin (>=7.0.0 <=9.0.0-M1) +19 more potentially affected by CVE-2026-2586 via org.glassfish.jsftemplating:jsftemplating (>=4.0.0 <=4.1.0)
org.glassfish.jsftemplating:jsftemplating MAVEN version =4.0.0, =7.0.0, =7.0.0, =7.0.16, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =9.0.0-M1 and more Source cves: CVE-2026-2586 Source advisory: SNYK:JAVA-ORGGLASSFISHJSFTEMPLATING-167906...
cache-extensions (>=1.7.0 <=1.14.1) potentially affected by unknown CVE via setup-php (>=2.15.0 <=2.36.0)
setup-php NPM version =2.15.0, =1.7.0, =1.14.1 Source cves: unknown CVE Source advisory: SNYK:JS-SETUPPHP-16874160...
MAL-2026-4624 Malicious code in nw-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e3ff057a42800ad78024ac1c48e0d6fbf9c828eb828a41e6737c32b6174ce8c Package is published publicly on npm at version 100.20.33 — a version-number shape used in dependency-confusion attacks to outrank private internal...
@weirdorg/dotenv (>=1.0.1 <=1.0.4) potentially affected by unknown CVE via @weirdorg/config (=1.0.3)
@weirdorg/config NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on @weirdorg/config and may be impacted: - @weirdorg/dotenv =1.0.1, =1.0.4 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4466...
Malicious code in @qwedqwed/axios (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65cc6ad7f5d72e7e50a4493915cc5b8ce23b39b6f25ca5515228be44695016ca Package @qwedqwed/axios is published under a scope that does not belong to the real axios maintainers but copies axios's README, source, homepage...
Malicious code in axiosqqq (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9cf5bc7a896b21f9af923c60b9283758bf46d4fb279f752a42bae43bb6006aa Package name axiosqqq is a 3-character-suffix typosquat of axios and ships axios's verbatim source, README, and CHANGELOG to impersonate the legitima...
airflow-tools (>=0.9.0 <=0.11.0), dataflow-airflow (>=2.10.3 <=2.10.9) +2 more potentially affected by CVE-2026-42526 via apache-airflow-providers-amazon (>=9.0.0 <=9.17.0)
apache-airflow-providers-amazon PYPI version =9.0.0, =0.9.0, =2.10.3, =0.0.1rc1, =2.10.7, =2.10.11rc5 Source cves: CVE-2026-42526 Source advisory: SNYK:PYTHON-APACHEAIRFLOWPROVIDERSAMAZON-16770135...
dbgate-serve (>=7.1.3-alpha.3 <=7.1.13), dbmodel (>=7.1.3-alpha.3 <=7.1.13) potentially affected by CVE-2026-47670 via dbgate-api (>=7.1.10 <=7.1.8)
dbgate-api NPM version =7.1.10, =7.1.3-alpha.3, =7.1.3-alpha.3, =7.1.13 Source cves: CVE-2026-47670 Source advisory: SNYK:JS-DBGATEAPI-17223765...
@geode/opengeodeweb-front (>=9.13.1 <=10.0.2-rc.4), nuxt (>=3.20.0 <=3.21.5) potentially affected by CVE-2026-46342 via @nuxt/nitro-server (>=3.20.0 <=3.21.5)
@nuxt/nitro-server NPM version =3.20.0, =9.13.1, =3.20.0, =3.21.5 Source cves: CVE-2026-46342 Source advisory: SNYK:JS-NUXTNITROSERVER-16770417...
@geode/opengeodeweb-front (>=9.13.1 <=10.0.2-rc.4), nuxt (>=3.20.0 <=3.21.5) potentially affected by CVE-2026-46342 via @nuxt/nitro-server (>=3.20.0 <=3.21.5)
@nuxt/nitro-server NPM version =3.20.0, =9.13.1, =3.20.0, =3.21.5 Source cves: CVE-2026-46342 Source advisory: OSV:GHSA-G8WJ-3CR3-6W7V...
com.squareup.wire:wire-grpc-client (>=7.0.0-alpha01 <=7.0.0-alpha02), com.squareup.wire:wire-schema (>=7.0.0-alpha01 <=7.0.0-alpha02) +1 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime (>=7.0.0-alpha01 <=7.0.0-alpha02)
com.squareup.wire:wire-runtime MAVEN version =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha02 Source cves: CVE-2026-45799 Source advisory: SNYK:JAVA-COMSQUAREUPWIRE-16771313...
com.squareup.wire:wire-grpc-client (>=7.0.0-alpha01 <=7.0.0-alpha02), com.squareup.wire:wire-schema (>=7.0.0-alpha01 <=7.0.0-alpha02) +1 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime (>=7.0.0-alpha01 <=7.0.0-alpha02)
com.squareup.wire:wire-runtime MAVEN version =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha02 Source cves: CVE-2026-45799 Source advisory: OSV:GHSA-7XPR-HC2W-34M9...
ai.pipestream:account-manager (=0.0.22), ai.pipestream:account-service (>=0.0.2 <=0.0.18) +413 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime-jvm (>=3.0.0-alpha03 <=5.3.3)
com.squareup.wire:wire-runtime-jvm MAVEN version =3.0.0-alpha03, =0.0.2, =0.1.1, =0.2.7, =0.2.7, =0.2.7, =0.1.1, =0.2.7, =0.7.21, =0.7.21, =0.7.21, =0.1.7, =0.1.31 and more Source cves: CVE-2026-45799 Source advisory: OSV:GHSA-7XPR-HC2W-34M9...
ai.looktech.ltrpc.schema:app-server-android (>=2.0.0 <=2.7.0), ai.looktech.ltrpc.schema:app-server-jvm (>=2.0.0 <=2.7.0) +110 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime-jvm (>=6.0.0-alpha01 <=6.2.0)
com.squareup.wire:wire-runtime-jvm MAVEN version =6.0.0-alpha01, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =1.5.0-alpha05, =1.5.0-alpha05, =1.5.0-alpha05, =1.5.0-alpha05, =1.5.0-alpha05, =2.0.0-alpha04, =2.0.0-alpha04, =2.0.0-alpha04, =2026.03.26.140500-911435f, =2026.03.26.140500-911435f,...
IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +386 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)
diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-Q8X8-JRHJ-FH9P...
MAL-2026-4700 Malicious code in venturo-playwright (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 602d8b957dc823f0dd6ac61f115e23fce1b433683873a9f4f8351dcbe9a37035 Package presents itself as Microsoft's Playwright: package.json description 'A high-level API to automate web browsers' is Playwright's exact tagline...