CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/04/24 2:39 a.m.•4 views

Malicious code in sagat-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b9e0a31b6bceddf90e920c8c6eb6313c822ca883c8daaa6905c5d8835fb8220 The package sagat-core was found to contain malicious code. Source: ghsa-malware cd038a03954f5c3c52c0f68ddfd36cbd9746f905131c22fa2089a72f8929be62 Any...

5.8AI score

OSV•added 2026/04/22 8:9 p.m.•3 views

GHSA-4948-F92Q-F432 @nocobase/database has SQL Injection via String Concatenation through Recursive Eager Loading

Summary The queryParentSQL function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using parameterized queries. The nodeIds array contains primary key values read from database rows. An attacker who can create a record with a...

7.5CVSS5.9AI score0.04817EPSS

Exploits1References6

OSV•added 2026/04/13 3:25 p.m.•3 views

MAL-2026-2579 Malicious code in @bookiply/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd6b31f3177ed87f264b6338a9fe54bb910142b5622bba68372acbac801268d2 The package @bookiply/core was found to contain malicious code. Source: ghsa-malware 2887f360cb9e14cb6c6065ddc86c7aa69674edb8d09486f31b3256f376894e8f...

5.7AI score

OSV•added 2026/04/11 9:54 p.m.•0 views

MAL-2026-2877 Malicious code in unisys-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c759e3a9b4c256239f0ec3be5b97424efc8191d317d82feb632b84e77d6c46eb The package unisys-core was found to contain malicious code. Source: ossf-package-analysis...

5.7AI score

Snyk•added 2026/03/31 6:13 p.m.•1 views

Malicious Package

Overview @c8o/nimbus-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score

Wolfi•added 2026/03/20 1:48 p.m.•3 views

CVE-2026-32829 vulnerabilities

Vulnerabilities for packages: parseable, vector, qdrant, py3-xet-core...

8.2CVSS7.5AI score0.00015EPSS

OSSF Malicious Packages•added 2026/03/09 10:44 p.m.•3 views

Malicious code in jsonify-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a8aa1030a7553e5aa40c2770df5c5945ccce7110fbe89a5931b7003453aa08d The package jsonify-core was found to contain malicious code. Source: ghsa-malware 15401bad013f01305211dd3ab1307a4ac9383ef3846645fd154ab648ce77e956 A...

5.7AI score

Chainguard•added 2026/01/30 7:17 a.m.•6 views

CVE-2026-0994 vulnerabilities

Vulnerabilities for packages: litellm, datadog-agent, datadog-agent-fips, mlflow, airflow, dbt-snowflake, py3-cassandra-medusa, kubeflow-katib, opentelemetry-python-instrumentation, open-webui, tensorflow-cpu-jupyter, label-studio, barman, py3-protobuf, metaflow-service, ghidra, airflow-core,...

8.2CVSS6.4AI score0.00013EPSS

OSSF Malicious Packages•added 2026/01/07 11:51 p.m.•5 views

Malicious code in awsm-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86a8778a330765a0a4f5b15960d7bba1cf4ea76946cd4395eb239af31c497330 The package awsm-core was found to contain malicious code. Source: ghsa-malware ba13f4a6fbc556808377c1e17e991b77feb5d2d08af58861be6460732cfc3d9e Any...

6.9AI score

Snyk•added 2026/01/07 11:51 p.m.•1 views

Malicious Package

Overview awsm-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score

OSSF Malicious Packages•added 2025/12/19 8:24 a.m.•3 views

Malicious code in @pluxee-design-system/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b95edac344588e8262b1cfdc979c7eb4585329df2ce47b7adc45f23930971e7b The package @pluxee-design-system/core was found to contain malicious code. Source: ghsa-malware...

6.9AI score

Snyk•added 2025/12/19 8:24 a.m.•1 views

Malicious Package

Overview @pluxee-design-system/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score

EUVD•added 2025/11/24 11:29 a.m.•0 views

EUVD-2025-198645

Malicious code in @posthog/core npm...

6.6AI score

EUVD•added 2025/10/30 5:38 p.m.•2 views

EUVD-2025-37191

Malicious code in @epicgames/epic-core npm...

6.6AI score

EUVD•added 2025/10/30 5:38 p.m.•1 views

EUVD-2025-37165

Malicious code in epic-core npm...

6.6AI score

OSV•added 2025/10/08 7:20 a.m.•1 views

MAL-2025-48087 Malicious code in v0-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 823ea0633ff002d303ce7a803d2ae0f945f97a935a6757338babb0a483a2f710 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-20889

Malware in sbrugna...

7.2CVSS5.8AI score0.00319EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-16463

Malware in sbrugna...

7.5CVSS7.6AI score0.00297EPSS