Lucene search
+L

538 matches found

OSV
OSV
added 3 days ago4 views

MAL-2026-10548 Malicious code in @amedit/vercel-builder-probe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fe0b29ddff65cbd65167ea905c448d928fc6da661d69df415993635bf1bd3bc When wired in as a @vercel/build-utils Builder and the exported build runs in a Vercel deployment pipeline, index.js reads the installer's...

6.1AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago10 views

Malicious code in @dervix/socket.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c299d96dca6144eec3e8be8770c98430139e9b6b982762da448ef50b7bde06a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in abuden212 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12fc33584a728d7313bfc310121db6971d546738676f5b71bd5202527415822a The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in abuden226 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8a4986d9e75be69083a7905e5ef5e4558e17fe8b9f15777a9cd692c882b9d6b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago9 views

Malicious code in abuden222 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c141ada78ccdede0bb49a76d998fcf07eb4cc60c58cce5fdc1b5933b85a817d The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in speed1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55f523969dc528b9e84ec2f5a875e316c09d97d41b25e28e66e0c3a218c453ce [email protected] is not a functional Node package. package.json declares main: sw.js, but sw.js is a browser ServiceWorker importScripts'./8cfc2/hgshm.js...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago8 views

Malicious code in backup3-ff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a32646e3ad3e35186f8344c19ccdecfd69c26e8047fc44b77c0516b644fd094 The npm package [email protected] ships multiple heavily obfuscated JavaScript bundles under assets/ AccountPage, DarkVeil, GamesPage, PlusBlockedNote...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/09 5:53 a.m.10 views

Malicious code in clavue (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ffc14d0e15af336ff2709e543272d2386d767fe185b380c5f2c2baeb78c3cbf The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:53 p.m.7 views

Malicious code in log-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f55c4d43e953e16c7d0325948c789e0fdf1acefaca4b47ceabf199a5288e6f82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:50 p.m.12 views

Malicious code in big256-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 18f547bc04e09d0a4a99ac1e49992abd3dc35c02ad1bd963e8d0d07fd0e11464 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.9 views

Malicious code in @alerts/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a825df408053d3df39c8fe0790b9e99ef97e51f60765549e1931709b86fcf30b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.12 views

Malicious code in @hg-aka-prml/tapas-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0283140e8754f9cdc894794ae19307cf6235508d8f8cc75d97b900c1469d9393 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.11 views

Malicious code in @meego-progressive/cdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a7205f38cfc6908e42b221ffcaf5118f3ef9891d4b1cc7c0798411cc7b0b349 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:50 p.m.9 views

Malicious code in @huobi-ui/activity-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2dc07679f0c801fbb465a2502687e29ed687871964c5d84c0dd5f2b7f94e8ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/29 4:50 p.m.6 views

MAL-2026-6624 Malicious code in @gm-rvg/root-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 439c6ce041ad5226eefdab8b99045e573701e66838e908be4fa6d3b0ee6e8a7b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.10 views

Malicious code in @grappi/automations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dfa70084df92420d9b31f4eb1da3b47bccc78cc677a9f6fb3ac242c857f2e925 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:12 p.m.35 views

CVE-2026-47386 NocoDB: OAuth Authorization Code Race Condition

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid accesstoken, refreshtoken pair, breaking the single-use guarantee that PKCE relies on. This vulnerability ...

6.3CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:12 p.m.26 views

CVE-2026-47386

CVE-2026-47386 affects NocoDB’s OAuth token-exchange flow. Before 2026.05.1, two concurrent token-exchange requests could use the same OAuth authorization code to mint two valid token pairs, breaking PKCE’s single-use guarantee. The issue is mitigated by a fix in 2026.05.1, which introduces atomi...

6.3CVSS5.9AI score0.00197EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:15 p.m.10 views

Malicious code in poly-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5aab464aac47233efb564c52d5818fef783efa856f8318c61d61ef99ca0da4e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 11:7 a.m.11 views

MAL-2026-6056 Malicious code in @mastra/react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb2d86bcc71a172b3b3abf321bea01e031f13fcbd7cf94c490a5735f02f6dc8f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Rows per page
Query Builder