CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31229 matches found

OSSF Malicious Packages•added 2026/05/26 8:16 a.m.•14 views

Malicious code in vxui-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4af2c5e995ae069d3037f1310d055fac142dd6bb2ccd5ecb7e7f9a518e8022f0 On npm install, package.json's postinstall script runs curl -skL...

5.7AI score

Exploits0References3

OSSF Malicious Packages•added 2026/05/26 6:10 a.m.•14 views

Malicious code in 1cat-tunnel-client-zx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796f1b18c13a38088b4e48d75575eb92b23af5d91cdfaf6a82717f0fabbc7a79 On npm install, the package's postinstall hook node install.js fetches a platform-specific executable from...

6AI score

Exploits0References2

OSV•added 2026/05/26 6:10 a.m.•7 views

MAL-2026-4778 Malicious code in 1cat-tunnel-client-zx (npm)

6AI score

Exploits0References2

GithubExploit•added 2026/05/26 3:4 a.m.•92 views

ndaybench

ndaybench A benchmark for measuring whether AI agents can bui...

7CVSS7.2AI score0.31894EPSS

Exploits7

OSSF Malicious Packages•added 2026/05/26 1:12 a.m.•9 views

Malicious code in wao (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f809db41305575dc4eeed6726bdc75000e7f083dee4599ad71fd7b5eb89b2501 package.json declares "preinstall": "./src/deps.ts", but src/deps.ts is not TypeScript — it is a 976KB Linux x86-64 ELF executable magic bytes...

6AI score

Exploits0References3

OSV•added 2026/05/26 1:2 a.m.•9 views

MAL-2026-4720 Malicious code in weavedb-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3017d9faf2f1f8a8973162392159e8d185b9c676555d406da261e67cd95395e8 package.json declares "preinstall": "./src/deps.ts", but src/deps.ts is not TypeScript — its first bytes are the ELF magic \x7fELF\x02\x01\x01,...

6AI score

Exploits0References3

OSSF Malicious Packages•added 2026/05/26 1:2 a.m.•12 views

Malicious code in weavedb-lite (npm)

6AI score

Exploits0References3

OSSF Malicious Packages•added 2026/05/26 1:1 a.m.•12 views

Malicious code in weavedb-warp-contracts-plugin-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a98f87e329831590a7416ca47a949a7b21cf8e948491e875d8359ca8d5cc5959 package.json declares "preinstall": "./tools/setup", which is a 976 KB Linux x8664 ELF binary shipped in the tarball with no source, no build system,...

6AI score

Exploits0References3

OSV•added 2026/05/26 1:1 a.m.•8 views

MAL-2026-4727 Malicious code in weavedb-warp-contracts-plugin-deploy (npm)

6AI score

Exploits0References3

OSSF Malicious Packages•added 2026/05/26 1:1 a.m.•13 views

Malicious code in weavedb-console (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cb1233d729c7aefcbe9024196bb4af52f78854aa5ed7f46afb4fa9cd59918c1 package.json declares "preinstall": "./src/compiler/native", which auto-executes a 976 KB stripped Linux ELF binary on every npm install. The binary ...

6AI score

Exploits0References3

OSV•added 2026/05/26 1:1 a.m.•6 views

MAL-2026-4717 Malicious code in weavedb-console (npm)

6AI score

Exploits0References3

OSSF Malicious Packages•added 2026/05/26 1:1 a.m.•12 views

Malicious code in weavedb-sdk-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40b4b0c5f79c0370a77c3b559b70389ffee591aa22c76ca15c4077fe95b5078e package.json declares "preinstall": "./bin/install-deps", pointing at a 976KB packed Linux x86-64 ELF binary shipped in the tarball sha256...

6.3AI score

Exploits0References3

OSV•added 2026/05/26 1:1 a.m.•9 views

MAL-2026-4724 Malicious code in weavedb-sdk-base (npm)

6.3AI score

Exploits0References3

OSSF Malicious Packages•added 2026/05/26 1:1 a.m.•10 views

Malicious code in weavedb-exm-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78ab05b11a1c784b066c89ffaff7bdf3a3351c611818e1d310cf718a64f20aec package.json declares "preinstall": "./vendor/setup", causing every npm install weavedb-exm-sdk to execute vendor/setup — a 976,568-byte Linux x86 EL...

6AI score

Exploits0References3

OSV•added 2026/05/26 1:1 a.m.•8 views

MAL-2026-4718 Malicious code in weavedb-exm-sdk (npm)

6AI score

Exploits0References3

OSSF Malicious Packages•added 2026/05/26 1:1 a.m.•12 views

Malicious code in create-arnext-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67a5229a06132707ff10eb04a5fc2a19abf029ded0d61e1c9d0814f5cb2bb667 The package declares "preinstall": "./.github/scripts/precheck" in package.json, which invokes a 976KB stripped Linux x8664 ELF binary hidden under...

6.2AI score

Exploits0References3

OSV•added 2026/05/26 1:1 a.m.•4 views

MAL-2026-4538 Malicious code in create-arnext-app (npm)

6.2AI score

Exploits0References3

OSV•added 2026/05/26 1:1 a.m.•6 views

MAL-2026-4483 Malicious code in arnext-arkb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87f9eda6644870362103de6f3bf1877efb1039c4b2b771343bcf6c38f216ecc0 package.json declares "preinstall": "./bin/install-deps", which points at a 976,568-byte Linux x86-64 ELF executable shipped in the tarball with no...

5.9AI score

Exploits0References3

OSSF Malicious Packages•added 2026/05/26 1:1 a.m.•9 views

Malicious code in arnext-arkb (npm)

5.9AI score

Exploits0References3

OSSF Malicious Packages•added 2026/05/26 1:1 a.m.•7 views

Malicious code in roidjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46b2c3afc1b9dd20ecad5f3b47c333e8324500e3d0102df362aa7c11a60469a0 package.json declares "preinstall": "./bin/install-deps", which causes npm install roidjs to auto-execute bin/install-deps — a 976,568-byte Linux x86...

5.8AI score

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by