MAL-2025-191470 Malicious code in org.mvnpm:posthog-node (Maven)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ea90a5928d7667bed4fa9f6effbbe6c8d3ad6521ca51ca2b01551bc02373a7d2 This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and...
MAL-2025-191468 Malicious code in @lokeswari-satyanarayanan/rn-zustand-expo-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fe3bd99e2f11ab8bb09a9086c4dca8af56372031492ed11d90f1e32a0e8f53 The package @lokeswari-satyanarayanan/rn-zustand-expo-template was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-199686
The Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS) vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code, e.g., "", to a Webform node with a...
CVE-2025-13595 CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload
The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...
CVE-2025-13595
CIBELES AI WordPress plugin vulnerability (CVE-2025-13595) arises from a missing capability check in actualizador_git.php, affecting all versions up to 1.10.8. Unauthenticated attackers can perform arbitrary file uploads, enabling retrieval of GitHub repos and overwriting plugin files on the serv...
GO-2025-4157 Babylon's malformed vote extensions are not rejected in github.com/babylonlabs-io/babylon
Babylon's malformed vote extensions are not rejected in github.com/babylonlabs-io/babylon...
GO-2025-4149 OSV-SCALIBR has NULL Pointer Dereference in github.com/google/osv-scalibr
OSV-SCALIBR has NULL Pointer Dereference in github.com/google/osv-scalibr...
Exploit for CVE-2025-13595
CIBELES AI extractTo$extractDir; $rootInsideZip = $extrac...
MAL-2025-191293 Malicious code in @posthog/intercom-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12c972a0fa0f1cf26c3a80f626651c44d7d2b9021694b8e4f965ff35b56b0429 The package @posthog/intercom-plugin was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191196 Malicious code in @browserbasehq/mcp-server-browserbase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59c07fb8ebd39670ff0a8c67a71dc45872c40e94a70a4100940576791f12cd66 The package @browserbasehq/mcp-server-browserbase was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191318 Malicious code in @silgi/ratelimit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 422196a67d61d4d71d26fc505d10b7d141fb54310ecab586ff0320d42f395509 The package @silgi/ratelimit was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191345 Malicious code in @voiceflow/eslint-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4db5527f8a6098b9553e656b50ee1e0fcae45b163917de83299e9e5200ff96f The package @voiceflow/eslint-config was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191284 Malicious code in @pergel/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d52bf0972dc9dad856bf4bc427d7d1bc127b3b0db55ec37a6e1d5327ffe59237 The package @pergel/cli was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191247 Malicious code in @mizzle-dev/orm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd528c11fe54881e4913d51e5acc448562c3fc1b7edaae7aa2a40e6b12425f55 The package @mizzle-dev/orm was found to contain malicious code. Source: ghsa-malware c327219099fb121baf202032e61fc1b4881236e892dea9b4aa2b6159f953696...
MAL-2025-191248 Malicious code in @oku-ui/alert-dialog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 824a69f83431a766f681bc72d705ff3b28ae9309898b4ad10979adca148f2276 The package @oku-ui/alert-dialog was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191267 Malicious code in @oku-ui/primitives-nuxt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ee73daea7a5697698adf390d5267c68b30e77f888efdbfd38686cdc878deca2 The package @oku-ui/primitives-nuxt was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191336 Malicious code in @voiceflow/body-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27087f99b3b863dae53a7bc93919c6691aa9fb2deb6de5eda5deea916f283686 The package @voiceflow/body-parser was found to contain malicious code. Source: ghsa-malware...
Malicious code in @dev-blinq/ui-systems (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ce530512b608913637db50ce0058d08d5afb8173c8b5968023c9b9665bcde49 The package @dev-blinq/ui-systems was found to contain malicious code. Source: ghsa-malware...
Malicious code in @antstackio/express-graphql-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13ae25cf8547b5efb95597b0e90ea4105e03417563ff724dd9c720c49b4c52d2 The package @antstackio/express-graphql-proxy was found to contain malicious code. Source: google-open-source-security...