@akago/akago_backend_commands (>=1.0.0 <=1.2.8), @djpfs/adonisjs-microservices (>=1.0.1 <=2.0.1) +50 more potentially affected by CVE-2026-40255 via @adonisjs/core (>=5.1.11 <=6.21.0)

@adonisjs/core NPM version =5.1.11, =1.0.0, =1.0.1, =1.0.0, =0.0.3, =1.0.0, =1.0.0, =1.0.3, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =1.0.3, =1.0.0, =1.0.0, =1.0.1 - @nhtio/adonis-maxmind =1.20260220.0 and more Source cves: CVE-2026-40255 Source advisory: OSV:GHSA-6QVV-PJ99-48QM...

Prototype Pollution

@adonisjs/bodyparser is vulnerable to a Prototype Pollution. The vulnerability is due to improper handling of multipart form-data parsing, which allows a remote attacker to manipulate object prototypes at runtime and potentially alter application behavior...

EUVD-2025-175667

Malicious code in vulcan-semantic-release-pino-adonis npm...

EUVD-2025-178397

Malicious code in innercore-superposition-lint-staged-adonis npm...

EUVD-2025-178739

Malicious code in gemini-query-adonis-request npm...

EUVD-2025-177821

Malicious code in mira-pino-impulse-adonis npm...

Malicious code in gemini-query-adonis-request (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88dc675516f0b833eb0fe5dc36d4860582128956738b97d038115774134b5bf4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176805

Malicious code in radiometric-native-adonis-cygnus npm...

EUVD-2025-180501

Malicious code in adonis-prettier-stylelint-ignite-magellan npm...

Malicious code in innercore-superposition-lint-staged-adonis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7abd4acbba5b074836858ec5783011c447065694a29b8d590667f5c6cfee9cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176770

Malicious code in redis-adonis-quito-io npm...

Malicious code in adonis-child-process-pegasus-repository (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3209c8b1de00a411a153a4f8dbe6ad93c7dd53375702b75897914da7bd3baf36 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sails-dotenv-adonis-antd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa31083ce72f58be06ef61827800200ffc7fb0df078a978047d564620b116b79 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176322

Malicious code in soap-comet-adonis-karma npm...

EUVD-2025-176296

Malicious code in socketio-polaris-restart-adonis npm...

EUVD-2025-176197

Malicious code in stratosphere-outercore-carpo-adonis npm...

EUVD-2025-175587

Malicious code in webpack-exec-adonis-terser-webpack-plugin npm...

EUVD-2025-175560

Malicious code in wezen-xerxes-vortex-adonis npm...

EUVD-2025-177332

Malicious code in panspermia-winston-phoebe-adonis npm...

EUVD-2025-176932

Malicious code in publish-adonis-asteroid-acamar npm...