CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

vulnersOsv•added 2026/05/12 3:1 p.m.•4 views

10minions-engine (>=0.0.1 <=0.0.4), @1amageek/document-propagator (>=0.10.1 <=1.0.0) +1535 more potentially affected by CVE-2026-44289 via protobufjs-cli (>=1.0.0 <=1.1.3)

protobufjs-cli NPM version =1.0.0, =0.0.1, =0.10.1, =1.1.0, =0.4.0, =1.22.0, =6.2.36, =1.0.0, =1.8.0, =0.0.0-beta.0, =1.0.0, =1.0.1, =3.1.0 and more Source cves: CVE-2026-44289 Source advisory: SNYK:JS-PROTOBUFJSCLI-16643263...

7.5CVSS5.8AI score0.00324EPSS

vulnersOsv•added 2026/05/12 2:59 p.m.•7 views

@forwardimpact/libcodegen (>=0.1.47 <=0.1.52) potentially affected by CVE-2026-42290 via protobufjs-cli (=2.0.1)

7.8CVSS5.4AI score0.00132EPSS

vulnersOsv•added 2026/05/12 2:59 p.m.•4 views

@forwardimpact/libcodegen (>=0.1.47 <=0.1.52) potentially affected by CVE-2026-42290 via protobufjs-cli (=2.0.1)

protobufjs-cli NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on protobufjs-cli and may be impacted: - @forwardimpact/libcodegen =0.1.47, =0.1.52 Source cves: CVE-2026-42290 Source advisory: SNYK:JS-PROTOBUFJSCLI-16643433...

7.8CVSS5.4AI score0.00132EPSS

vulnersOsv•added 2026/05/12 2:59 p.m.•5 views

10minions-engine (>=0.0.1 <=0.0.4), @1amageek/document-propagator (>=0.10.1 <=1.0.0) +1535 more potentially affected by CVE-2026-42290 via protobufjs-cli (>=1.0.0 <=1.1.3)

protobufjs-cli NPM version =1.0.0, =0.0.1, =0.10.1, =1.1.0, =0.4.0, =1.22.0, =6.2.36, =1.0.0, =1.8.0, =0.0.0-beta.0, =1.0.0, =1.0.1, =3.1.0 and more Source cves: CVE-2026-42290 Source advisory: SNYK:JS-PROTOBUFJSCLI-16643433...

7.8CVSS5.4AI score0.00132EPSS

Snyk•added 2026/05/12 2:59 p.m.•5 views

Command Injection

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Command Injection via pbts. An attacker can execute arbitrary shell commands by supplying file paths containing shell...

8.5CVSS6.1AI score0.00132EPSS

Exploits0References2

Chainguard•added 2026/05/12 1:17 p.m.•22 views

CVE-2026-44902 vulnerabilities

Vulnerabilities for packages: langfuse-fips, gemini-cli, kibana, langfuse, librechat...

7.5CVSS5.1AI score0.00455EPSS

Chainguard•added 2026/05/12 1:17 p.m.•7 views

GHSA-Q7RR-3CGH-J5R3 vulnerabilities

Vulnerabilities for packages: langfuse-fips, gemini-cli, kibana, langfuse, librechat...

5.2AI score

Wolfi•added 2026/05/12 7:48 a.m.•10 views

CVE-2026-45022 vulnerabilities

Vulnerabilities for packages: kyverno, wolfictl, grype, argo-workflows, kubevela, kaniko, src-fingerprint, gitsign, steampipe, dagger, crossplane, gomplate, pulumi-language-yaml, witness, guac, k9s, kubescape, gptscript, pulumi-language-java, argocd-image-updater, grafana-alloy, kargo,...

7.5CVSS5.1AI score0.00147EPSS

OSSF Malicious Packages•added 2026/05/12 7:42 a.m.•8 views

Malicious code in @2oolkit/hyperliquid-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c3af30011dcf54950f270463028270d732fce20b5cd5da44342a0748922e6df The package is advertised as a neutral CLI/MCP wrapper for Hyperliquid, but its distributed code silently routes value from the installer to an...

5.9AI score

Exploits0References2

Chainguard•added 2026/05/12 7:19 a.m.•4 views

GHSA-389R-GV7P-R3RP vulnerabilities

Vulnerabilities for packages: jfrog-cli, apko, argo-events-fips, guac, gitlab-rails-ce, kubescape, argo-cd, argocd-image-updater, gitlab-rails-ce-fips, grype-db, cloudbeat-fips, nemo, cg, gitlab-runner-fips, nuclei, zot, gitsign, trivy-fips, gitaly, syft, skaffold-fips, zarf,...

5.2AI score

Chainguard•added 2026/05/12 7:19 a.m.•29 views

CVE-2026-45022 vulnerabilities

7.5CVSS5.1AI score0.00147EPSS

OSSF Malicious Packages•added 2026/05/12 5:49 a.m.•6 views

Malicious code in agentwork-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

OSV•added 2026/05/12 5:49 a.m.•5 views

Exploits0References5

MAL-2026-3605 Malicious code in agentwork-cli (npm)

OSSF Malicious Packages•added 2026/05/12 3:28 a.m.•6 views

Exploits0References5

Malicious code in @uipath/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0fdad7ae6c57c8b952b6b0730ce0f4b0972f79ce008515a4eaf373dcd9dbaa38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/05/12 3:28 a.m.•3 views

MAL-2026-3536 Malicious code in @uipath/cli (npm)

OSV•added 2026/05/12 2:56 a.m.•2 views

MAL-2026-3521 Malicious code in @tolka/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 690527fdde65817c5fb47eeae87927130e678a6255b461b2ebfa6c0881be570f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/05/12 2:55 a.m.•5 views

Malicious code in @taskflow-corp/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e305906fa9a2ce7ccc0318baa5c5d7cd13bd021623fec9701e1841d92ab00e9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/05/12 2:55 a.m.•4 views

MAL-2026-3520 Malicious code in @taskflow-corp/cli (npm)

OSSF Malicious Packages•added 2026/05/12 1:4 a.m.•6 views

Malicious code in @supersurkhet/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3219a7aa4b5f19cda44ae4217d0cf1d596988bd05ea1645b489ec579c50bcf17 The package @supersurkhet/cli was found to contain malicious code. Source: ghsa-malware...