269 matches found
@akago/akago_backend_commands (>=1.0.0 <=1.2.8), @djpfs/adonisjs-microservices (>=1.0.1 <=2.0.1) +50 more potentially affected by CVE-2026-40255 via @adonisjs/core (>=5.1.11 <=6.21.0)
@adonisjs/core NPM version =5.1.11, =1.0.0, =1.0.1, =1.0.0, =0.0.3, =1.0.0, =1.0.0, =1.0.3, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =1.0.3, =1.0.0, =1.0.0, =1.0.1 - @nhtio/adonis-maxmind =1.20260220.0 and more Source cves: CVE-2026-40255 Source advisory: OSV:GHSA-6QVV-PJ99-48QM...
Prototype Pollution
@adonisjs/bodyparser is vulnerable to a Prototype Pollution. The vulnerability is due to improper handling of multipart form-data parsing, which allows a remote attacker to manipulate object prototypes at runtime and potentially alter application behavior...
Malicious code in sails-dotenv-adonis-antd (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa31083ce72f58be06ef61827800200ffc7fb0df078a978047d564620b116b79 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178124
Malicious code in less-loader-rocket-adonis-kronos npm...
EUVD-2025-177023
Malicious code in promise-algol-cosmicsilence-adonis npm...
EUVD-2025-176098
Malicious code in supervisor-adonis-epimetheus-rimraf npm...
EUVD-2025-178397
Malicious code in innercore-superposition-lint-staged-adonis npm...
EUVD-2025-180503
Malicious code in adonis-comet-sedna-geomorphology npm...
Malicious code in gemini-query-adonis-request (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88dc675516f0b833eb0fe5dc36d4860582128956738b97d038115774134b5bf4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176322
Malicious code in soap-comet-adonis-karma npm...
MAL-2025-187471 Malicious code in ini-koa-adonis-astrometry (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 814dda9fc098a95449685bf70ed597eaf7718a69688a6739317f7af0058ac94c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185386 Malicious code in adonis-cosmos-eslint-plugin-izar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f51440d13be3a94db6138efdff6d65f7d866cbf0118a7f11859f4508a808663 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185384 Malicious code in adonis-child-process-pegasus-repository (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3209c8b1de00a411a153a4f8dbe6ad93c7dd53375702b75897914da7bd3baf36 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177821
Malicious code in mira-pino-impulse-adonis npm...
EUVD-2025-180502
Malicious code in adonis-cosmos-eslint-plugin-izar npm...
EUVD-2025-179938
Malicious code in bunyan-carina-adonis-mysql npm...
EUVD-2025-175587
Malicious code in webpack-exec-adonis-terser-webpack-plugin npm...
EUVD-2025-176197
Malicious code in stratosphere-outercore-carpo-adonis npm...
EUVD-2025-175667
Malicious code in vulcan-semantic-release-pino-adonis npm...
EUVD-2025-178411
Malicious code in ini-koa-adonis-astrometry npm...