202 matches found
@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +95 more potentially affected by CVE-2026-44646 via liquidjs (>=10.10.0 <=10.25.7)
liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0, =1.0.0-beta.5 - @clairview/api =23.1.0 and more Source cves: CVE-2026-44646 Source advisory: OSV:GHSA-9X9P-QF8F-MVJG...
@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +95 more potentially affected by CVE-2026-44644 via liquidjs (>=10.10.0 <=10.25.7)
liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0, =1.0.0-beta.5 - @clairview/api =23.1.0 and more Source cves: CVE-2026-44644 Source advisory: OSV:GHSA-2QV6-9WX5-CWV4...
@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +93 more potentially affected by CVE-2026-41311 via liquidjs (>=10.10.0 <=10.25.6)
liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0-beta.1, =1.0.0-beta.4 - @clairview/api =23.1.0 and more Source cves: CVE-2026-41311 Source advisory: OSV:GHSA-4RC3-7J7W-M548...
@11ty/eleventy-plugin-vite (>=8.0.0 <=8.0.0-alpha.2), @17sierra/config (=0.1.0) +1254 more potentially affected by CVE-2026-39363 via vite (>=8.0.0 <=8.0.3)
vite NPM version =8.0.0, =8.0.0, =0.0.1, =0.1.9, =0.0.15-0.1, =0.0.42, =0.1.8, =0.0.1-bate.2, =0.1.0, =0.1.0, =0.0.8, =0.0.9 - @adhisang/minecraft-modding-mcp =1.0.0 and more Source cves: CVE-2026-39363 Source advisory: SNYK:JS-VITE-15922242...
4coders-commons (>=0.0.1 <=0.0.2), @11ty/eleventy (=0.3.3) +3644 more potentially affected by CVE-2026-33939 via handlebars (>=4.0.0 <=4.7.8)
handlebars NPM version =4.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.11, =0.0.52, =0.1.0, =0.0.72, =0.1.0, =1.1.1, =0.0.0-3b548b7bf6ff6554f724240da3a11be924237e6c, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2026-33939 Source advisory: SNYK:JS-HANDLEBARS-15807042...
4coders-commons (>=0.0.1 <=0.0.2), @11ty/eleventy (=0.3.3) +3644 more potentially affected by CVE-2026-33916 via handlebars (>=4.0.0 <=4.7.8)
handlebars NPM version =4.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.11, =0.0.52, =0.1.0, =0.0.72, =0.1.0, =1.1.1, =0.0.0-3b548b7bf6ff6554f724240da3a11be924237e6c, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2026-33916 Source advisory: SNYK:JS-HANDLEBARS-15789775...
EUVD-2025-176498
Malicious code in scorpius-chalk-eleventy-kaus npm...
EUVD-2025-177197
Malicious code in phoenix-eleventy-io-radiant npm...
EUVD-2025-179802
Malicious code in chai-juno-eleventy-hydrogeology npm...
MAL-2025-186718 Malicious code in eleventy-delphinus-figures-async (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0224ac3cb23c603d157129375e0a9a49860917e8b20c5c455d7932530d367bc9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186080 Malicious code in chai-juno-eleventy-hydrogeology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a651f6b98ef3ec7de1e3366e3618090aba6d851129a759dc82198724df69145d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in firebase-selenology-blitz-eleventy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ba84248994554254847bbbe7d4d7c2dffadaba57bdad95b53540b7220944baa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rocket-eleventy-alphard-changelog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08e513a76e72e1fca6eec63742d1bdca68ae829e5cdedb6e60687eab86480607 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176446
Malicious code in selenium-cluster-framework-eleventy npm...
EUVD-2025-178889
Malicious code in firebase-selenology-blitz-eleventy npm...
EUVD-2025-175906
Malicious code in transform-semantic-ui-eleventy-phoebe npm...
EUVD-2025-178249
Malicious code in juno-eleventy-prettier-stylelint-rimraf npm...
EUVD-2025-179545
Malicious code in cosmicray-nova-regulus-eleventy npm...
Malicious code in areology-eleventy-cassini-filament (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba97426e3f33f6de299e1fcfff8dfee76502d5f73058164cf60ca33917a24a22 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177442
Malicious code in ophiuchus-eleventy-fornax-proxima npm...