34 matches found
PT-2026-45259
Content removed...
PT-2026-42699
Name of the Vulnerable Software and Affected Versions: libp2p versions prior to 15.0.23. Description: Three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node using default options, leading to an Out-Of-Memory (OOM) crash...
Malicious Package
Overview: is-really-odd is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
PT-2026-40549
Name of the Vulnerable Software and Affected Versions: UltraJSON versions prior to 5.12.1. Description: A memory leak occurs when the ujson.dump function writes to a file-like object and the write operation raises an exception. The objToJSONFile function allocates a Python string object but fails to...
PT-2026-39248
Name of the Vulnerable Software and Affected Versions: free5GC BSF version 4.2.1. Description: An unsynchronized write occurs on the global Subscriptions map within the BSF handler for the endpoint '/nbsf-management/v1/subscriptions/subId'. While the handler reads the map using a read-lock via the...
PT-2026-37501
Content removed...
PT-2026-38306
Name of the Vulnerable Software and Affected Versions: Daptin versions prior to 0.11.5. Description: An issue exists in the processFuzzySearch function within server/resource/resource findallpaginated.go where the software fails to validate the column parameter against a whitelist. When using the 'G...
PT-2026-36504
Content removed...
Malicious Package
Overview: mcp-server-todo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: chai-as-emitted is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: unibody is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview: solaraupdater is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: realestate-ask is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
PT-2026-21607
Name of the Vulnerable Software and Affected Versions: Ormar versions 0.9.9 through 0.22.0. Description: Ormar is an async mini ORM for Python. Versions 0.9.9 through 0.22.0 are susceptible to a SQL injection flaw when performing aggregate queries. The min and max methods in the QuerySet class accep...
Malicious Package
Overview: @devgandhi/cpp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: eslint-config-minecraft-scripting is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
Malicious Package
Overview: somsodamsd is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview: equimper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview: @afg-ikea/ikea-modals is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: spark-ar-dynamic-mocks is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...