@akago/akago_backend_commands (>=1.0.0 <=1.2.8), @djpfs/adonisjs-microservices (>=1.0.1 <=2.0.1) +50 more potentially affected by CVE-2026-40255 via @adonisjs/core (>=5.1.11 <=6.21.0)

@adonisjs/core NPM version =5.1.11, =1.0.0, =1.0.1, =1.0.0, =0.0.3, =1.0.0, =1.0.0, =1.0.3, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =1.0.3, =1.0.0, =1.0.0, =1.0.1 - @nhtio/adonis-maxmind =1.20260220.0 and more Source cves: CVE-2026-40255 Source advisory: OSV:GHSA-6QVV-PJ99-48QM...

Prototype Pollution

@adonisjs/bodyparser is vulnerable to a Prototype Pollution. The vulnerability is due to improper handling of multipart form-data parsing, which allows a remote attacker to manipulate object prototypes at runtime and potentially alter application behavior...

EUVD-2025-180502

Malicious code in adonis-cosmos-eslint-plugin-izar npm...

EUVD-2025-178124

Malicious code in less-loader-rocket-adonis-kronos npm...

EUVD-2025-176770

Malicious code in redis-adonis-quito-io npm...

EUVD-2025-180230

Malicious code in australis-geomorphology-adonis-babel npm...

EUVD-2025-180500

Malicious code in adonis-tectonophysics-tectonic-helmet npm...

EUVD-2025-179938

Malicious code in bunyan-carina-adonis-mysql npm...

MAL-2025-185384 Malicious code in adonis-child-process-pegasus-repository (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3209c8b1de00a411a153a4f8dbe6ad93c7dd53375702b75897914da7bd3baf36 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185386 Malicious code in adonis-cosmos-eslint-plugin-izar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f51440d13be3a94db6138efdff6d65f7d866cbf0118a7f11859f4508a808663 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in innercore-superposition-lint-staged-adonis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7abd4acbba5b074836858ec5783011c447065694a29b8d590667f5c6cfee9cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179952

Malicious code in build-neptunology-neptunology-adonis npm...

EUVD-2025-180503

Malicious code in adonis-comet-sedna-geomorphology npm...

EUVD-2025-176098

Malicious code in supervisor-adonis-epimetheus-rimraf npm...

EUVD-2025-176547

Malicious code in sails-dotenv-adonis-antd npm...

EUVD-2025-176805

Malicious code in radiometric-native-adonis-cygnus npm...

EUVD-2025-177332

Malicious code in panspermia-winston-phoebe-adonis npm...

EUVD-2025-178739

Malicious code in gemini-query-adonis-request npm...

EUVD-2025-175560

Malicious code in wezen-xerxes-vortex-adonis npm...

EUVD-2025-176296

Malicious code in socketio-polaris-restart-adonis npm...