CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/05/21 6:31 p.m.•5 views

Malicious code in maxixy-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b8df03da54eaa00b887a27395e7b7c42b02a982b1e9df9d82a5b0c243d0ba95 maxixy-cli is a wholesale rebrand of QwenLM/qwen-code itself a fork of google-gemini/gemini-cli with the Qwen OAuth device-flow base URL hardcoded to...

OSV•added 2026/05/21 6:31 p.m.•2 views

MAL-2026-4607 Malicious code in maxixy-cli (npm)

OSV•added 2026/05/21 1:49 p.m.•10 views

MAL-2026-4405 Malicious code in @lokuma/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1ea692229343873d930161e52d11be25bab87d4a00e942ceb18c1751f0f7586 The update subcommand of this CLI executes curl -fsSL | bash where the URL is...

OSSF Malicious Packages•added 2026/05/21 1:49 p.m.•7 views

Malicious code in @lokuma/cli (npm)

OSV•added 2026/05/21 12:43 p.m.•2 views

MAL-2026-4492 Malicious code in autoheal-dev-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e0f114cd638df1be1f2262e1b05dbe726cee5600a10be6d67be8ac8e1089f3d autoheal-dev-cli is a setup wizard bin/setup.js that, when run, performs three installer-harm actions against the developer running it: 1...

OSV•added 2026/05/21 11:28 a.m.•3 views

Exploits0References9

MAL-2026-4399 Malicious code in @kedem/okdb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfce9a94c70e54caff77645f380418abda1bb1a38ad9cda61f6fbeaa482e2fed The package's CLI entry point at bin/okdb.js is a heavily obfuscated single-line bundle hex-mangled symbols like 0x2a69e2/0x5d02f6 that constructs HT...

OSV•added 2026/05/21 12:0 a.m.•1 views

OPENSUSE-SU-2026:10831-1 flux2-cli-2.8.8-1.1 on GA media

These are all security issues fixed in the flux2-cli-2.8.8-1.1 package on the GA media of openSUSE Tumbleweed...

9.6CVSS5.8AI score0.00016EPSS

OSSF Malicious Packages•added 2026/05/20 1:3 p.m.•8 views

Malicious code in @kmmao/happy-coder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4478b22a21a87a37250e86ef25639330f79b779e5793f642eaf7ddaafd975d4 This package is a near-verbatim fork of the upstream happy-coder/happy-cli references to slopus/happy-cli and happy.engineering are retained througho...

OSSF Malicious Packages•added 2026/05/20 12:36 p.m.•9 views

Exploits0References9

Malicious code in encrata-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e98813f52fa8e9fc3c04bffd023445dbfed4a9b405d1e3f85511673f5e86dce7 package.json declares "postinstall": "node install.js", which runs at install time. install.js requires both childprocess and https, branches on...

OSV•added 2026/05/20 12:36 p.m.•4 views

MAL-2026-4551 Malicious code in encrata-cli (npm)

OSSF Malicious Packages•added 2026/05/20 10:51 a.m.•6 views

Malicious code in @spcsn/taro-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10e2baba3a5166ecf1196146e1b2a8771836b25bd7f8d56979e3e277a3de9625 The package's postinstall script probes https://taro.jd.com/ and then invokes its own CLI to run npm install...

6.1AI score

OSV•added 2026/05/20 10:2 a.m.•3 views

MAL-2026-4593 Malicious code in klaudius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0b40ecfc7aa434ac63d620d4aaab0434dd57b0fac274bb9f5d1514e263be4a3 The package's CLI bundle dist/bin.js and an associated chunk dist/chunk-SZ4KCTSL.js contain hardcoded fetch POST calls to https://api.telegram.org, t...

OSSF Malicious Packages•added 2026/05/20 10:2 a.m.•6 views

Exploits0References6

Malicious code in klaudius (npm)

OSV•added 2026/05/20 8:31 a.m.•4 views

Exploits0References6

MAL-2026-4434 Malicious code in @semacode/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28a3662b8e26593b7bfec35d4d4f02595144885ee738891c4c9e6a89f9e50fbb The bundled CLI dist/index.js contains a hardcoded outbound POST to https://sema.otimitare.online combined with reads of process.env and...

OSSF Malicious Packages•added 2026/05/20 8:31 a.m.•6 views

Malicious code in @semacode/cli (npm)

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в docker.io

Docker CLI is the command-line interface for the Docker container runtime. A bug was discovered in Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file typically /.docker/config.json, which lists a credsStore or credhelpers that cannot be...

7.5CVSS6.4AI score0.00077EPSS

OSSF Malicious Packages•added 2026/05/20 5:41 a.m.•9 views

Malicious code in qazaq-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31fa15731b4c683297d550bb3157dff08f2bfa3db01c14952cd35c7c61407d0a The package's default AI provider hardcodes the destination opengateway.gitlawb.com/v1/chat/completions with header api-key: 'not-needed'...

OSV•added 2026/05/20 5:41 a.m.•4 views

MAL-2026-4654 Malicious code in qazaq-cli (npm)

OSV•added 2026/05/20 5:38 a.m.•4 views

MAL-2026-4648 Malicious code in promptbook-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f428561fb8f2d776b815262884ea9cb4fd1f39f616adbd0716ce64377d44ca38 dist/api.js contains a hardcoded outbound fetch to https://promts.newtechcompany.ru that carries data derived from process.env. The destination is an...