Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

629 matches found

OSV
OSVadded 3 days ago4 views

MAL-2026-6277 Malicious code in search-from-search (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06e2e600c7cba50d7cc3cbff52a18f77e508ec66be3a50cd4960f84771598548 package.json registers node callback.js as both preinstall and postinstall, so the payload runs automatically on npm install. callback.js collects th...

5.8AI score
Exploits0References2
OSV
OSVadded 2026/06/12 2:32 p.m.5 views

MAL-2026-5687 Malicious code in ecto-flag-read-m7p2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47c876fa0bc683b97fe06619068fb4b205e5813e95917d8cd6d9df7a732b1499 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSVadded 2026/06/11 4:23 p.m.14 views

MAL-2026-5675 Malicious code in ioredis-orm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15186d98f16a0cfdcb0cac8d616ea4afc4e6d1443be464ef1a140ab79a5d5d0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSVadded 2026/06/11 1:54 p.m.5 views

MAL-2026-5667 Malicious code in experian-analytics-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b17ea66ee9c256e21971184546b027011520942070236a348fe0da478b5ac66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/11 12:36 p.m.8 views

Malicious code in theta-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbfa69ed41fd4cfb88637f2f5765174105f8c4eb42d4f433fdd05d642e664fa9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/10 3:48 p.m.10 views

Malicious code in tailwind-animator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9a1b7c3c3877a14abbea0abc4ee53a2d5d7207f7932141f428235c069285c0d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/09 2:17 p.m.10 views

Malicious code in @doaction/http (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0558fc0fe6ab95434c0f041b1ed88e02039379e9052dbfd3e0faf35a8e8d5d5f Package version 9.9.9 is the canonical version-pinning marker used to outrank any private package during npm dependency resolution. The package...

5.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/08 9:27 a.m.10 views

Malicious code in nodemon-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e62de7b45c63185183f5fe120bd363a176f70cb28d4abfeec9a3686b320a0b96 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/01 12:0 a.m.13 views

Malicious code in @redhat-cloud-services/quickstarts-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6AI score
Exploits0References2
OSV
OSVadded 2026/05/29 10:3 p.m.4 views

MAL-2026-5082 Malicious code in tailwind-smooth-slider (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b613524a54cbd80614c087930d4df2de524b7a594cadc3469723bb38e5cc8516 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/28 1:39 p.m.12 views

Malicious code in @service-suppliers/fetch_initial_suppliers_action_saga (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5701c4e65352d4be1b2266c870a111f44803d475f58363cb841146d16ec43385 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/25 8:54 a.m.12 views

Malicious code in auth0-aspnetcore-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1a65e2c9bb72bed2f85cc5ce144070401adc82275fbdceee1345e245bd8b69dc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/25 8:15 a.m.12 views

Malicious code in core-utility-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf63d686ef961c38d281d369f2f1b2cf4e2baf9c25f3e6a62672a9ac9b979963 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/25 8:11 a.m.13 views

Malicious code in nba-cdn-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6472220c5bb80d934ccb360b63359201b4f8e203bc8c173b27cd4181c15964b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/21 4:12 p.m.7 views

Malicious code in tailwindcss-theme-custom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 018631578c90dccfae7d22483708ce7ddd497f68e0d1f4cd03c862b47801b59d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/20 12:8 a.m.7 views

Malicious code in foundry-deploy-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14ad9106b013b6e68056e1afe40a833d89b1c2037aab7b67d4b24bba1dbf4c77 package.json declares a postinstall hook that runs node -e with an inline childprocess.execSync invoking curl -fsSL...

6.4AI score
Exploits0References2
OSV
OSVadded 2026/05/18 2:14 p.m.4 views

MAL-2026-3831 Malicious code in citrea-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9af3ffcf057e7fa952c80b46cbee31773e340ba668377511d7f3ee3b38c1c810 The package citrea-utils was found to contain malicious code. Source: ghsa-malware 0cbde9fcd3b6b009f9d8b0ff2dc739d877beb20223d14d402fcbc90515470eac A...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/12 3:32 a.m.10 views

Malicious code in @uipath/filesystem (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 146d5edb9ab8fea89bfb60b8ae01c6c1e8e0fea9e6332121cf3922f4d23546df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/11 11:52 p.m.11 views

Malicious code in @tanstack/react-start-rsc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54678e0e02befdbc43f928e36fa9a25991d3eb222775849d4225eab0480904f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSV
OSVadded 2026/05/04 12:1 a.m.5 views

MAL-2026-3268 Malicious code in @bcs-mi/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32fb1f804a47c0e11e62bab82cc978af199c0517a91965fb2bfd34f226237d34 The package @bcs-mi/store was found to contain malicious code. Source: ghsa-malware cc97afe6281e170826ea8ad4c189a9d5bb874fe69ca97da0e2bbdf327e33ba91...

5.8AI score
Exploits0References1
Rows per page
Query Builder