MAL-2026-4623 Malicious code in npm-builderio-qwik-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11a743cdce28dd141d636ff13baaee44df53fbaaed17efdc5a7380281b7097e1 The package's main entry index.js is a working browser exploit, not a library. When loaded in a DOM context, it creates a hidden iframe pointing at...

MAL-2026-3654 Malicious code in @puppeteer/browsers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a28ea47c2f5a0ac44e0059f5b5f7f0595f6f3d54da32a45478e3fb0b76e7a605 Withdrawn Advisory This advisory has been withdrawn because the malicious package detection was a false positive. This link is maintained to preserve...

CVE-2025-13721

Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-13631

Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. Chromium security severity: High...

CVE-2025-13634

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. Chromium security severity: Medium...

MAL-2025-190847 Malicious code in jan-browser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6061d20158eb6f2952932cac8bd818201360f36f2a4fd989357c12400c58a49b The package jan-browser was found to contain malicious code. Source: ghsa-malware a3954e4e8e77c870bfc41cd61410400a2f7ba85ce1d56123f2e672f63543e6e1 An...

CVE-2024-7021

Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-12432

Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2025-12435

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-12911

Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2025-11460

Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. Chromium security severity: High...

CVE-2025-11213

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-11219

Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Low...

EUVD-2025-34708

Malicious code in company-browser-package npm...

MAL-2025-48432 Malicious code in company-browser-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7621dd08044aeaacb68745078c793611d91031eb9852f8f667f739d485efe939 The OpenSSF Package Analysis project identified 'company-browser-package' @ 99.9.10 npm as malicious. It is considered malicious because: - The...

Malicious code in company-browser-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7621dd08044aeaacb68745078c793611d91031eb9852f8f667f739d485efe939 The OpenSSF Package Analysis project identified 'company-browser-package' @ 99.9.10 npm as malicious. It is considered malicious because: - The...

CVE-2025-10890

Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

MAL-2025-37123 Malicious code in tpl-browser (npm)

The package tpl-browser was found to contain malicious code...

CVE-2025-7657

Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed shell commands that can spawn additional commands. This is only...