Lucene search
+L

101 matches found

OSV
OSV
added 2026/06/25 6:43 a.m.17 views

MAL-2026-6445 Malicious code in base58-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 048a186e2e59bb0b7d9986c7099e527390e38690292bc49e237578a471c56680 The package advertises itself as a Base58 encoder/decoder but on require schedules a delayed payload that performs multiple installer-side attacks...

6AI score
Exploits0References13
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/21 4:21 p.m.15 views

Malicious code in blinkit-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ca70b0a6be36daf245deb50dd6b3595a9bfba29c62770e82365152a02832cf8 On npm install, the package's preinstall lifecycle hook runs curl against http://d8s0b82plbq3u5sb2vo0sb3a9obr4yjt7.oast.site/ and POSTs the installer...

6AI score
Exploits0References1
Veracode
Veracode
added 2026/06/20 6:36 a.m.7 views

Cross-Site Scripting (XSS)

Angular is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of namespaced script elements and attributes in the @angular/compiler and @angular/core packages, which allows an attacker to inject specially crafted namespaced templates that bypass Angular's...

6.1CVSS5.8AI score0.00206EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2026/06/17 4:55 a.m.8 views

MAL-2026-6011 Malicious code in @mastra/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89ab661f926db8827cca977fedce8cae92cf025babad8825c2e43467121a5c26 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/05/26 3:9 p.m.9 views

MAL-2026-4824 Malicious code in cdktn-provider-datadog (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29ce930466b101c48ae641d7e4ad57f3d5169b9f14b1e041e4264e75cbfd965b Package name cdktn-provider-datadog is a single-character variant f→n of HashiCorp's widely-used cdktf-provider-datadog CDKTF provider. README and...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/24 2:39 a.m.10 views

Malicious code in sagat-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b9e0a31b6bceddf90e920c8c6eb6313c822ca883c8daaa6905c5d8835fb8220 The package sagat-core was found to contain malicious code. Source: ghsa-malware cd038a03954f5c3c52c0f68ddfd36cbd9746f905131c22fa2089a72f8929be62 Any...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/04/22 8:9 p.m.13 views

GHSA-4948-F92Q-F432 @nocobase/database has SQL Injection via String Concatenation through Recursive Eager Loading

Summary The queryParentSQL function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using parameterized queries. The nodeIds array contains primary key values read from database rows. An attacker who can create a record with a...

7.5CVSS5.9AI score0.01875EPSS
Exploits1References6
OSV
OSV
added 2026/04/13 3:25 p.m.6 views

MAL-2026-2579 Malicious code in @bookiply/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd6b31f3177ed87f264b6338a9fe54bb910142b5622bba68372acbac801268d2 The package @bookiply/core was found to contain malicious code. Source: ghsa-malware 2887f360cb9e14cb6c6065ddc86c7aa69674edb8d09486f31b3256f376894e8f...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/04/11 9:54 p.m.5 views

MAL-2026-2877 Malicious code in unisys-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c759e3a9b4c256239f0ec3be5b97424efc8191d317d82feb632b84e77d6c46eb The package unisys-core was found to contain malicious code. Source: ossf-package-analysis...

5.7AI score
Exploits0
Snyk
Snyk
added 2026/03/31 6:13 p.m.4 views

Malicious Package

Overview @c8o/nimbus-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Wolfi
Wolfi
added 2026/03/20 1:48 p.m.8 views

CVE-2026-32829 vulnerabilities

Vulnerabilities for packages: py3-xet-core, parseable, vector, qdrant...

8.2CVSS7.7AI score0.00608EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/09 10:44 p.m.9 views

Malicious code in jsonify-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a8aa1030a7553e5aa40c2770df5c5945ccce7110fbe89a5931b7003453aa08d The package jsonify-core was found to contain malicious code. Source: ghsa-malware 15401bad013f01305211dd3ab1307a4ac9383ef3846645fd154ab648ce77e956 A...

5.7AI score
Exploits0References1
Chainguard
Chainguard
added 2026/01/30 7:17 a.m.10 views

CVE-2026-0994 vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter, azure-functions-python-worker, py3-protobuf, spamcheck, pgadmin4-fips, kubeflow-pipelines, airflow-core, vllm-openai-cuda-12.9, litellm, kserve, localstack, text-generation-inference, dbt-bigquery, tritonserver-backend-vllm-cuda-12.9, airflow,...

8.2CVSS5.8AI score0.00613EPSS
Exploits0
Snyk
Snyk
added 2026/01/07 11:51 p.m.2 views

Malicious Package

Overview awsm-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/07 11:51 p.m.11 views

Malicious code in awsm-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86a8778a330765a0a4f5b15960d7bba1cf4ea76946cd4395eb239af31c497330 The package awsm-core was found to contain malicious code. Source: ghsa-malware ba13f4a6fbc556808377c1e17e991b77feb5d2d08af58861be6460732cfc3d9e Any...

6.9AI score
Exploits0References1
Snyk
Snyk
added 2025/12/19 8:24 a.m.3 views

Malicious Package

Overview @pluxee-design-system/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/12/19 8:24 a.m.7 views

Malicious code in @pluxee-design-system/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b95edac344588e8262b1cfdc979c7eb4585329df2ce47b7adc45f23930971e7b The package @pluxee-design-system/core was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
EUVD
EUVD
added 2025/11/24 11:29 a.m.3 views

EUVD-2025-198645

Malicious code in @posthog/core npm...

6.6AI score
Exploits0References1
EUVD
EUVD
added 2025/10/30 5:38 p.m.3 views

EUVD-2025-37165

Malicious code in epic-core npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/10/30 5:38 p.m.5 views

EUVD-2025-37191

Malicious code in @epicgames/epic-core npm...

6.6AI score
Exploits0
Rows per page
Query Builder