7 matches found

OSV
added 2026/02/09 6:30 a.m. | 1 views

GHSA-87R5-MP6G-5W5J jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions

Impact: Arbitrary Code Injection Remote Code Execution & XSS: A critical security vulnerability affects all versions of the jsonpath package. The library relies on the static-eval module to evaluate JSON Path expressions but fails to properly sanitize or sandbox the input. This allows an attacker ...

9.8 CVSS | 6.1 AI score | 0.00107 EPSS
Exploits 0 | References 8
EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-29228

Malicious code in bioql PyPI...

8.8 CVSS | 6.3 AI score | 0.00138 EPSS
Exploits 0 | References 5
RedhatCVE
added 2025/09/17 7:52 p.m. | 9 views

CVE-2025-59162

color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added...

8.8 CVSS | 6.8 AI score | 0.00138 EPSS
Exploits 0 | References 9
RedhatCVE
added 2025/09/17 7:52 p.m. | 7 views

CVE-2025-59331

is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...

8.8 CVSS | 6.8 AI score | 0.00138 EPSS
Exploits 0 | References 9
Github Security Blog
added 2025/09/15 11:58 p.m. | 7 views

[email protected] contains malware after npm account takeover

Impact: On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's ow...

8.8 CVSS | 6.6 AI score | 0.00138 EPSS
Exploits 0 | References 7 | Affected Software 1
CNVD
added 2022/02/22 12:00 a.m. | 17 views

NPM url-parse authorization bypass vulnerability

Url-Parse is a small Url parser that works seamlessly across Node.js and browser environments. An authorization bypass vulnerability exists in versions of NPM url-parse prior to 1.5.8, which can be exploited by attackers to bypass authorization via a user-controlled key...

9.1 CVSS | 5.5 AI score | 0.00101 EPSS
Exploits 1 | References 1
Microsoft Secure
added 2019/05/23 3:50 p.m. | 67 views

New browser extensions for integrating Microsoft’s hardware-based isolation

The hardware-based isolation technology on Windows 10 that allows Microsoft Edge to isolate browser-based attacks is now available as a browser extension for Google Chrome and Mozilla Firefox. We introduced the container technology in 2017. Since then, we have been evolving the technology and...

0.2 AI score
Exploits 0