CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25050 matches found

OSSF Malicious Packages•added 5 hours ago•2 views

Malicious code in chai-midpatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4deffa7a98fc055452391610a3ab832bace310cf34ecc058287f45cab02c656c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

OSV•added 8 hours ago•1 views

MAL-2026-5174 Malicious code in nodemon-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66b967b89b3b02913d1a55f4fe65d3e7ecf4e39d25f5fd49bfb2879f73724dc8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

Nuclei•added 16 hours ago•58 views

Gogs <= 0.13.3 - Remote Code Execution

Gogs self-hosted Git service versions 0.13.3 and earlier contain a critical symlink bypass vulnerability that circumvents the fix for CVE-2024-55947. Authenticated users can exploit improper symbolic link handling in the PutContents API to overwrite files outside the repository by committing a...

8.8CVSS7.7AI score0.75675EPSS

Exploits17References4

OSV•added yesterday•3 views

MAL-2026-5169 Malicious code in chai-parse (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e982bc5f531780656477d948f66ea8acd21d7a48da535ab8585599a21e6b358c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2 days ago•9 views

Malicious code in jingmeideshishi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe45a0c6c68a7c9bff9135ecd725baea4558380b10e02e2ed1670f20146d6633 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2 days ago•8 views

Malicious code in @osamdefeirrighs/testhackfrrferrr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc1c3467aded71e3ee2e4dbb16bac4d9257a03410188ea98624a09a4263825c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

OSV•added 2 days ago•5 views

MAL-2026-5104 Malicious code in @pcldpvkoewpogw/testhacker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75fc3a0b4dc467bfee8bcd715fb5eef861c97aaa7f933a04dc5ac6922af1b8fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

OSV•added 2 days ago•3 views

MAL-2026-5108 Malicious code in cms-helpgit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb11c1d166cf4cf2726b7b89e77a41224b1abe19c6666ea0f06bdc06ebf967c5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2 days ago•7 views

Malicious code in shopifyto-cms (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f0fb4ee5fa3c58016b3fa60c91ff3a9b5f30d82cbf65b239a096ef850ccb475 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2 days ago•7 views

Malicious code in chai-as-minted (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24d83ed5082a6682efba4b40e072e84fb1f7c6aa0dbf8ecd56a62c8d485e058e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

OSV•added 2 days ago•5 views

MAL-2026-5106 Malicious code in chai-as-minted (npm)

5.8AI score

Exploits0References1

OSV•added 2 days ago•4 views

MAL-2026-5116 Malicious code in @redhat-cloud-services/rbac-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6AI score

Exploits0References2

OSSF Malicious Packages•added 2 days ago•7 views

Malicious code in @redhat-cloud-services/frontend-components-testing (npm)

6AI score

Exploits0References2

OSSF Malicious Packages•added 2 days ago•7 views

Malicious code in @redhat-cloud-services/frontend-components-remediations (npm)

6AI score

Exploits0References2

OSV•added 2 days ago•2 views

MAL-2026-5112 Malicious code in @redhat-cloud-services/eslint-config-redhat-cloud-services (npm)