CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9751c370c062cb40bccb874f46679ad3ca8ba9d3b49d0d8ba1f924d9582e53a3 On npm install, postinstall.js executes whoami and id, reads os.hostname, os.platform, process.cwd, and the CI, GITHUBREPOSITORY, and NODEENV...

5.8AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/23 8:2 a.m.•8 views

Malicious code in cloudpivot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bd95ac92732da86e3ec63771e124da83ea8d98e1dd2f6636ab3d8dde76ab34c On npm install, the package.json preinstall hook runs wget against http://194.120.24.50:7374 with query parameters carrying $whoami, $pwd, $hostname,...

5.9AI score

Exploits0References2

OSV•added 2026/05/23 8:2 a.m.•5 views

MAL-2026-4529 Malicious code in cloudpivot (npm)

5.9AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/22 6:12 p.m.•9 views

Malicious code in mmt-static (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 755d0176c106903bf2baaf14d0bb4df611bb719c2a7b0615e9b4487eadee1300 On npm install, the package's preinstall lifecycle hook executes node index.js && curl --data-urlencode "info=$hostname && whoami"...

5.8AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/22 5:25 p.m.•7 views

Malicious code in openmct-couch-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8eff366d17efa64bf8605941d009d01cf7a24aaf011af30faec449fc4a2e28 On npm install, the package's preinstall script runs node index.js and then curls the output of hostname && whoami to...

5.8AI score

Exploits0References3

OSV•added 2026/05/22 2:4 p.m.•4 views

MAL-2026-4634 Malicious code in osep-react-antd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9373e8880ad89854cc168b48a36c59bd72abfaf220e08fb751b948f0c4d8ddfb package.json declares preinstall: node index.js, which runs automatically on npm install. index.js collects host identifiers os.hostname,...

5.9AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/22 1:52 p.m.•9 views

Malicious code in osep-api-hub-service-client-v1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd131719d20e013a4627e1ea402ffc26135d66a5d6dd35669b8a3a6fb85e5f76 package.json declares "preinstall": "node index.js", causing index.js to run automatically on npm install. index.js collects host identifiers —...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/21 9:0 p.m.•10 views

Malicious code in search-connector-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24aea8e5a7338c49dc96e3945ed4d695024c2e169f560e6f3426005ca4666ea4 package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identity hostname, username, homedi...

5.9AI score

Exploits0References1

OSV•added 2026/05/21 9:0 p.m.•4 views

MAL-2026-4664 Malicious code in search-connector-template (npm)

5.9AI score

Exploits0References1

OSV•added 2026/05/21 8:42 p.m.•4 views

MAL-2026-4535 Malicious code in configcat-trello-powerup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5365489bc7a763096bf4be47f80bd47e4513917d8b37ba2754e33ae11983872b package.json declares "preinstall": "node index.js", which fires automatically on npm install. index.js collects host identifiers os.hostname,...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/21 8:42 p.m.•7 views

Malicious code in configcat-trello-powerup (npm)

5.8AI score

Exploits0References1

OSV•added 2026/05/21 8:18 p.m.•3 views

MAL-2026-4530 Malicious code in cloudsmith-vsc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b49ad4432747f754181e7a8428aff5fd2613f9d86283f05a04c2dd1f9ac2f2f package.json declares a preinstall hook "preinstall": "node index.js" that runs automatically on npm install. index.js reads installer-side system...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/21 8:18 p.m.•6 views

Malicious code in cloudsmith-vsc (npm)

5.8AI score

Exploits0References1

OSV•added 2026/05/21 7:56 p.m.•5 views

MAL-2026-4650 Malicious code in pubnub-moderation-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 750918c1551873c10f69bc746538652a6adf047d6c76231a40832fff30b74938 package.json declares "preinstall": "node index.js", causing index.js to run automatically on npm install. The script collects os.hostname,...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/21 10:54 a.m.•8 views

Malicious code in payment-account-input-selector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12187e6fb4ae4d3a411cea0c3ec8b995e1091a9cf78219db9fbcdac87540aabf On npm install, preinstall.js collects hostname, username, platform, cwd, timestamp, and a full dump of os.networkInterfaces and HTTP-GETs them as...

5.8AI score

Exploits0References1

OSV•added 2026/05/21 10:54 a.m.•6 views

MAL-2026-4635 Malicious code in payment-account-input-selector (npm)

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/20 3:57 a.m.•9 views

Malicious code in @pluxee-connect/api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f5056dda18e9a9f440db7379d09fa1f9f7ff087ac00d6684170cddd40c240e9 On npm install, postinstall.js collects os.hostname, os.userInfo, and process.version and transmits them over plain HTTP to...

5.8AI score

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by