7886 matches found
MAL-2026-4492 Malicious code in autoheal-dev-cli (npm)
Source: amazon-inspector 6e0f114cd638df1be1f2262e1b05dbe726cee5600a10be6d67be8ac8e1089f3d autoheal-dev-cli is a setup wizard (bin/setup.js) that, when run, performs three installer-harm actions against the developer running it: 1...
MAL-2026-4399 Malicious code in @kedem/okdb (npm)
Source: amazon-inspector cfce9a94c70e54caff77645f380418abda1bb1a38ad9cda61f6fbeaa482e2fed The package's CLI entry point at bin/okdb.js is a heavily obfuscated single-line bundle (hex-mangled symbols like 0x2a69e2/0x5d02f6) that constructs HT...
OPENSUSE-SU-2026:10831-1 flux2-cli-2.8.8-1.1 on GA media
These are all security issues fixed in the flux2-cli-2.8.8-1.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in @kmmao/happy-coder (npm)
Source: amazon-inspector c4478b22a21a87a37250e86ef25639330f79b779e5793f642eaf7ddaafd975d4 This package is a near-verbatim fork of the upstream happy-coder/happy-cli references to slopus/happy-cli and happy.engineering are retained througho...
Malicious code in encrata-cli (npm)
Source: amazon-inspector e98813f52fa8e9fc3c04bffd023445dbfed4a9b405d1e3f85511673f5e86dce7 package.json declares "postinstall": "node install.js", which runs at install time. install.js requires both child_process and https, branches on...
MAL-2026-4551 Malicious code in encrata-cli (npm)
Source: amazon-inspector e98813f52fa8e9fc3c04bffd023445dbfed4a9b405d1e3f85511673f5e86dce7 package.json declares "postinstall": "node install.js", which runs at install time. install.js requires both child_process and https, branches on...
Malicious code in @spcsn/taro-cli (npm)
Source: amazon-inspector 10e2baba3a5166ecf1196146e1b2a8771836b25bd7f8d56979e3e277a3de9625 The package's postinstall script probes https://taro.jd.com/ and then invokes its own CLI to run npm install...
MAL-2026-4593 Malicious code in klaudius (npm)
Source: amazon-inspector f0b40ecfc7aa434ac63d620d4aaab0434dd57b0fac274bb9f5d1514e263be4a3 The package's CLI bundle dist/bin.js and an associated chunk dist/chunk-SZ4KCTSL.js contain hardcoded fetch POST calls to https://api.telegram.org, t...
Malicious code in klaudius (npm)
Source: amazon-inspector f0b40ecfc7aa434ac63d620d4aaab0434dd57b0fac274bb9f5d1514e263be4a3 The package's CLI bundle dist/bin.js and an associated chunk dist/chunk-SZ4KCTSL.js contain hardcoded fetch POST calls to https://api.telegram.org, t...
MAL-2026-4434 Malicious code in @semacode/cli (npm)
Source: amazon-inspector 28a3662b8e26593b7bfec35d4d4f02595144885ee738891c4c9e6a89f9e50fbb The bundled CLI dist/index.js contains a hardcoded outbound POST to https://sema.otimitare.online combined with reads of process.env and...
Malicious code in @semacode/cli (npm)
Source: amazon-inspector 28a3662b8e26593b7bfec35d4d4f02595144885ee738891c4c9e6a89f9e50fbb The bundled CLI dist/index.js contains a hardcoded outbound POST to https://sema.otimitare.online combined with reads of process.env and...
Astra Linux - vulnerability in docker.io
Docker CLI is the command-line interface for the Docker container runtime. A bug was discovered in Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file (typically ~/.docker/config.json), which lists a credsStore or credHelpers that cannot be...
Malicious code in qazaq-cli (npm)
Source: amazon-inspector 31fa15731b4c683297d550bb3157dff08f2bfa3db01c14952cd35c7c61407d0a The package's default AI provider hardcodes the destination opengateway.gitlawb.com/v1/chat/completions with header api-key: 'not-needed'...
MAL-2026-4654 Malicious code in qazaq-cli (npm)
Source: amazon-inspector 31fa15731b4c683297d550bb3157dff08f2bfa3db01c14952cd35c7c61407d0a The package's default AI provider hardcodes the destination opengateway.gitlawb.com/v1/chat/completions with header api-key: 'not-needed'...
MAL-2026-4648 Malicious code in promptbook-cli (npm)
Source: amazon-inspector f428561fb8f2d776b815262884ea9cb4fd1f39f616adbd0716ce64377d44ca38 dist/api.js contains a hardcoded outbound fetch to https://promts.newtechcompany.ru that carries data derived from process.env. The destination is an...
MAL-2026-4456 Malicious code in @thesignup/cli (npm)
Source: amazon-inspector ba2a0430ac2be1496dc77d4ad0a94d89bcf563d4aadb4eb457812b7572aa8367 The package's scripts/postinstall.cjs runs at install time and performs host reconnaissance (hostname collection, ping/network probing) and posts the...
Malicious code in @ikyyofc/gemini-cli (npm)
Source: amazon-inspector 5793a1cde3de83b8c15b49a0f9981d72fbf431067a4416ce6b2bd5650ea4a4d6 @ikyyofc/gemini-cli ships two heavily obfuscated modules (src/gemini.js and src/utils/proxy.js) wrapped in an obfuscator.io-style string-array +...
Malicious code in ganache-cli-provider (npm)
Source: amazon-inspector 144bbaf975156b3114f5526a7e9a8ffbe8eb411a541c7e457b7bf444200a02c5 Package name impersonates the widely-used ganache-cli Ethereum development tool but ships only a 138-byte index.js stub that wraps...
OPENSUSE-SU-2026:10827-1 oci-cli-3.83.0-1.1 on GA media
These are all security issues fixed in the oci-cli-3.83.0-1.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in aurapro-ui (PyPI)
Source: amazon-inspector cace553d74971e3660a0a7095662488f531348ba3e756696da5ff0ef9645ab22 The PyPI package aurapro-ui installs its code under the Python import namespace openwebui/ and registers two console scripts in entry_points.txt —...