CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

MAL-2026-5016 Malicious code in @mlspace/env-jobs (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•15 views

Malicious code in @cloudplatform-single-spa/dataplatform-metastore (npm)

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•13 views

Exploits0References2

Malicious code in @cloudplatform-single-spa/ml-ai-agents-trigger (npm)

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•8 views

Malicious code in @cloudplatform-single-spa/ml-inference-docker-run (npm)

OSV•added 2026/05/28 12:0 a.m.•17 views

MAL-2026-4967 Malicious code in @cloudplatform-single-spa/security-groups (npm)

Exploits0References2

MAL-2026-5006 Malicious code in @fb-deposit/form-deposit (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

MAL-2026-4943 Malicious code in @cloudplatform-single-spa/ml-inference (npm)

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•13 views

Malicious code in @cloudplatform-single-spa/billing (npm)

MAL-2026-5002 Malicious code in @cloudplatform-single-spa/vpc-endpoint (npm)

OSSF Malicious Packages•added 2026/05/27 11:53 p.m.•8 views

Malicious code in rogiant-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0c659d6e1e7b9bbbbb7b808196db4231a5eb1a62fe91827fc02fd708b92728b5 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

6AI score

Exploits0References9

OSV•added 2026/05/27 11:53 p.m.•7 views

MAL-2026-4835 Malicious code in rogiant-install (PyPI)

6AI score

Exploits0References9

vulnersOsv•added 2026/05/27 10:45 p.m.•4 views

org.yamcs:distribution (>=5.0.0 <=5.12.6), org.yamcs:packet-viewer (>=5.0.0 <=5.12.6) +9 more potentially affected by CVE-2026-46562 via org.yamcs:yamcs-core (>=5.0.0 <=5.12.6)

org.yamcs:yamcs-core MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.10.0, =5.10.0, =0.1.0, =0.1, =1.0.0, =5.0.0, =5.0.0, =0.1.0, =0.8.0 Source cves: CVE-2026-46562 Source advisory: SNYK:JAVA-ORGYAMCS-17230916...

5.5AI score0.00562EPSS

vulnersOsv•added 2026/05/27 9:35 p.m.•6 views

aiida-abacus (>=0.3.0 <=0.3.1), aiida-abinit (=0.5.0) +151 more potentially affected by CVE-2026-45309 via asyncssh (>=2.0.1 <=2.22.0)

asyncssh PYPI version =2.0.1, =0.3.0, =0.4.1, =0.1.0, =0.0.6, =2.0.0, =0.1.3, =2.7.0, =2.8.0rc2 and more Source cves: CVE-2026-45309 Source advisory: SNYK:PYTHON-ASYNCSSH-16959998...

5.4AI score0.00221EPSS

vulnersOsv•added 2026/05/27 8:16 p.m.•5 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +235 more potentially affected by CVE-2026-44681 via authlib (>=0.10.0 <=1.6.11)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-44681 Source advisory: OSV:PYSEC-2026-188...

6.1CVSS5.4AI score0.00181EPSS

Exploits1

vulnersOsv•added 2026/05/27 6:24 p.m.•5 views

@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +99 more potentially affected by CVE-2026-45618 via liquidjs (>=10.10.0 <=10.25.7)

liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0, =1.0.0-beta.5 - @clairview/api =23.1.0 and more Source cves: CVE-2026-45618 Source advisory: OSV:GHSA-GF2Q-C269-PQGC...

5.4AI score0.00089EPSS

vulnersOsv•added 2026/05/27 6:16 p.m.•3 views

ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-44345 via bentoml (>=0.10.1 <=1.4.3)

bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2026-44345 Source advisory: OSV:PYSEC-2026-189...

8.8CVSS5.4AI score0.0026EPSS

Exploits1

vulnersOsv•added 2026/05/27 5:33 p.m.•2 views

@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +99 more potentially affected by CVE-2026-45357 via liquidjs (>=10.10.0 <=10.25.7)

5.5AI score0.00655EPSS

vulnersOsv•added 2026/05/27 5:16 p.m.•3 views

bsky2llm (=0.1.0), downitall-android (=1.5.0) +14 more potentially affected by CVE-2026-44353 via streamlink (>=0.14.2 <=8.0.0)

streamlink PYPI version =0.14.2, =0.3.0, =0.0.1, =0.0.18, =1.0.0, =0.12.0, =0.1.14, =1.1.0, =0.0.1, =2.1.0, =3.4.0b2 - twitch-fapi-backend =0.1.0 and more Source cves: CVE-2026-44353 Source advisory: OSV:PYSEC-2026-180...

6.5CVSS5.4AI score0.00298EPSS

Exploits1

OSV•added 2026/05/27 11:53 a.m.•16 views

SUSE-SU-2026:2092-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00588EPSS

Exploits0References25

vulnersOsv•added 2026/05/27 12:11 a.m.•4 views

@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +99 more potentially affected by CVE-2026-44645 via liquidjs (>=10.10.0 <=10.25.7)

5.4AI score0.0057EPSS