CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

29066 matches found

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•7 views

Malicious code in @antv/l7-component (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•12 views

Malicious code in canvas-nest.js (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•6 views

Malicious code in filesize.js (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•6 views

Malicious code in jest-random-mock (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•7 views

Malicious code in @antv/g-plugin-canvaskit-renderer (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•6 views

Malicious code in @antv/g-plugin-canvas-renderer (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•6 views

Malicious code in @antv/g-web-animations-api (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•7 views

Malicious code in @antv/gi-assets-graphscope (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•7 views

Malicious code in @antv/l7-composite-layers (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•9 views

Malicious code in @antv/gi-assets-galaxybase (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•6 views

Malicious code in @antv/li-aiearth-assets (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•11 views

Malicious code in @antv/util (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•8 views

Malicious code in @antv/word-scale-chart (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•9 views

Malicious code in @antv/g-plugin-device-renderer (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSV•added 2026/05/19 12:0 a.m.•1 views

MAL-2026-3980 Malicious code in @antv/g2plot (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSV•added 2026/05/19 12:0 a.m.•3 views

MAL-2026-3892 Malicious code in @antv/f2-context (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•9 views

Malicious code in @antv/x6-common (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSV•added 2026/05/19 12:0 a.m.•4 views

MAL-2026-4156 Malicious code in timeago.js (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSV•added 2026/05/19 12:0 a.m.•4 views

MAL-2026-4049 Malicious code in @antv/l7-renderer (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References5

OSV•added 2026/05/19 12:0 a.m.•2 views

MAL-2026-4135 Malicious code in gantt-for-react (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by