CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/06/12 7:2 p.m.•10 views

MAL-2026-5703 Malicious code in eslint-plugin-mistica-local-rules (npm)

5.3AI score

OSSF Malicious Packages•added 2026/06/05 12:53 a.m.•6 views

Malicious code in eslint-plugin-awaitly (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

OSSF Malicious Packages•added 2026/06/05 12:53 a.m.•9 views

Malicious code in eslint-plugin-executable-stories-jest (npm)

Snyk•added 2026/06/02 9:0 p.m.•7 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score

Snyk•added 2026/06/02 9:0 p.m.•6 views

Embedded Malicious Code

9.8CVSS5.6AI score

vulnersOsv•added 2026/05/18 9:0 p.m.•3 views

@lint-md/cli (>=0.0.1 <=0.1.4), @lint-md/eslint-plugin (>=0.0.1 <=0.0.3) +4 more potentially affected by unknown CVE via ast-plugin (>=0.0.1 <=0.0.7)

ast-plugin NPM version =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2, =0.1.0, =0.1.2 - yuque-lint =0.0.1 Source cves: unknown CVE Source advisory: SNYK:JS-ASTPLUGIN-16755062...

5.5AI score

OSSF Malicious Packages•added 2026/05/11 11:38 p.m.•9 views

Malicious code in @tanstack/eslint-plugin-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b955b97c1476120c292ac6f7089a3d876161555205940838c49e6b09abe08e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

vulnersOsv•added 2026/05/11 9:0 p.m.•5 views

Exploits0References6

@2digits/eslint-config (>=4.10.0 <=5.1.10), @yunarch/config-web (>=0.1.0 <=0.7.6) potentially affected by CVE-2026-45321 via @tanstack/eslint-plugin-router (>=1.115.0 <=1.155.0)

@tanstack/eslint-plugin-router NPM version =1.115.0, =4.10.0, =0.1.0, =0.7.6 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKESLINTPLUGINROUTER-16640202...

9.6CVSS7.4AI score0.02342EPSS

Exploits3

Snyk•added 2026/05/05 2:34 p.m.•7 views

Malicious Package

Overview eslint-plugin-skyscanner-dates is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

9.8CVSS5.8AI score

OSSF Malicious Packages•added 2026/04/30 5:59 p.m.•7 views

Malicious code in eslint-plugin-skyscanner-dates (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fa3152c92c23ebec42990f14c77642de971e5a5464b0e7c25ecdea012ac81e4 The package eslint-plugin-skyscanner-dates was found to contain malicious code. Source: ghsa-malware...

OSV•added 2026/04/30 5:59 p.m.•2 views

MAL-2026-3202 Malicious code in eslint-plugin-skyscanner-dates (npm)

OSSF Malicious Packages•added 2026/04/17 12:20 p.m.•5 views

Malicious code in eslint-plugin-totara (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96447eb1f41df9da2d8e298530e25265374244a3e23279006ca447a8a5b0c0bd The package eslint-plugin-totara was found to contain malicious code. Source: ossf-package-analysis...

OSV•added 2026/04/17 12:20 p.m.•1 views

MAL-2026-2846 Malicious code in eslint-plugin-totara (npm)

vulnersOsv•added 2026/03/25 9:12 p.m.•9 views

@10xsai/cloudflare-router-nx-plugin (=1.0.0), @4itech/schematics (>=11.7.1 <=11.7.6) +1068 more potentially affected by CVE-2026-33671 via picomatch (>=4.0.1 <=4.0.3)

picomatch NPM version =4.0.1, =11.7.1, =1.2.0, =8.3.0, =1.0.25, =0.0.17, =0.0.47, =0.0.1, =1.0.0, =1.0.0, =10.0.0, =10.0.0, =13.0.0, =10.0.0, =14.0.0-next.1 and more Source cves: CVE-2026-33671 Source advisory: OSV:GHSA-C2C7-RCM5-VVQJ...

7.5CVSS5.4AI score0.00412EPSS

OSV•added 2026/03/18 12:49 p.m.•3 views

MAL-2026-1729 Malicious code in eslint-plugin-superhuman-custom-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e50258e14acd3712854f3059d043b8c4982563ab8d401555b253702a3212279 The package eslint-plugin-superhuman-custom-rules was found to contain malicious code...

OSV•added 2026/01/27 2:25 a.m.•4 views

MAL-2026-522 Malicious code in magento-coding-standard-eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 181566f148b6cac8ad613b2942849254b7a6968bbe5e16a9d009aaa8e4184b25 The package magento-coding-standard-eslint-plugin was found to contain malicious code. Source: ghsa-malware...

OSV•added 2026/01/17 9:37 p.m.•4 views

MAL-2026-323 Malicious code in eslint-plugin-fuel-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99675eb06a245907c7a2133cf7d75af3037229a059d0a135bf8c3d518432a6a4 The package eslint-plugin-fuel-react was found to contain malicious code. Source: ossf-package-analysis...

5.5AI score

OSSF Malicious Packages•added 2026/01/17 9:37 p.m.•7 views

Malicious code in eslint-plugin-fuel-react (npm)

5.5AI score

Snyk•added 2026/01/07 2:8 a.m.•1 views

Malicious Package

Overview eslint-plugin-supertest is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS6.8AI score