Malicious code in @limebike/frontend-core-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e6a8b7768f00cc5d468fe7a21f8792da1970b60e5ccbad17eefeda1a8d5b3d Package squats the @limebike npm scope and ships a preinstall/postinstall hook node index.js that, on npm install, collects hostname, non-internal...

Improper Privilege Management

Overview @budibase/frontend-core is a Budibase frontend core libraries used in builder and client Affected versions of this package are vulnerable to Improper Privilege Management through the onboardUsers function. An attacker can gain unauthorized administrative privileges by sending crafted...

@budibase/backend-core (>=3.0.0 <=3.2.26), @budibase/bbui (>=3.0.0 <=3.2.26) +7 more potentially affected by CVE-2026-35214 via @budibase/types (>=3.0.0 <=3.2.7)

@budibase/types NPM version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.2.26 Source cves: CVE-2026-35214 Source advisory: SNYK:JS-BUDIBASETYPES-15917494...

Malicious Package

Overview @casaverso/frontend-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2026-628 Malicious code in @casaverso/frontend-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48584fd15701448c3394285943de2520455a7b1fc07cead90b74d535437feda4 The package @casaverso/frontend-core was found to contain malicious code. Source: ghsa-malware...

Malicious code in @casaverso/frontend-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48584fd15701448c3394285943de2520455a7b1fc07cead90b74d535437feda4 The package @casaverso/frontend-core was found to contain malicious code. Source: ghsa-malware...

@env-hopper/backend-core (>=2.0.1-alpha-20260224145405 <=2.0.1-alpha.3), @env-hopper/frontend-core (>=2.0.1-alpha <=2.0.1-alpha.11) +4 more potentially affected by CVE-2025-48054 via radashi (=12.5.0-beta.6d5c035)

radashi NPM version =12.5.0-beta.6d5c035 is affected by a known vulnerability. The following packages have a transitive dependency on radashi and may be impacted: - @env-hopper/backend-core =2.0.1-alpha-20260224145405, =2.0.1-alpha, =2.0.1-alpha-20260224145405, =0.0.1, =0.0.1, =0.0.1,...

Malicious code in purplebricks-frontend-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f8044c661c6223ef46436635423b8c74bbebf2796ae2252435a5592288dceca7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-8105 Malicious code in purplebricks-frontend-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f8044c661c6223ef46436635423b8c74bbebf2796ae2252435a5592288dceca7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @logistics-frontend/core is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

Malicious Package

Overview flipper-frontend-core is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

Malicious code in flipper-frontend-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 745d70c1af1c5bc8882038e6eac687fd4ce85fa2d6b667c7c5ccef39ce54b877 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

flipper-server (>=0.171.1 <=0.212.0), flipper-server-companion (>=0.171.0 <=0.212.0) +1 more potentially affected by unknown CVE via flipper-frontend-core (>=0.171.0 <=0.212.0)

flipper-frontend-core NPM version =0.171.0, =0.171.1, =0.171.0, =0.171.1, =0.212.0 Source cves: unknown CVE Source advisory: OSV:MAL-2022-3074...

Malicious code in @logistics-frontend/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2c1071ed352739aa34ab8907b99ce3d1e2e3127a96d8d63b155f3830fd9d8b44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

ForkCMS Directory Traversal vulnerability

Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. dot dot in the module parameter to frontend/js.php...