CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

445 matches found

vulnersOsv•added 2026/01/16 3:31 p.m.•5 views

@mapbox/vnu-validate-html (=0.1.0), @northernbeat/gulp-tasks (>=1.0.48 <=1.0.50) +32 more potentially affected by CVE-2025-15104 via vnu-jar (>=16.12.27 <=25.12.31)

vnu-jar NPM version =16.12.27, =1.0.48, =1.0.3, =0.9.0, =0.1.1, =0.7.0, =0.1.2, =0.6.0, =8.1.0, =9.1.1, =1.0.0, =1.1.2, =2.0.0 and more Source cves: CVE-2025-15104 Source advisory: OSV:GHSA-FCCG-7W3P-W66F...

6.9CVSS5.8AI score0.00425EPSS

Exploits1

RedhatCVE•added 2026/01/09 9:58 a.m.•4 views

CVE-2020-7605

gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options...

9.8CVSS7.2AI score0.02512EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:58 a.m.•12 views

CVE-2020-7601

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...

9.8CVSS7.2AI score0.02644EPSS

Exploits1References1

EUVD•added 2025/11/24 10:32 p.m.•2 views

EUVD-2025-199149

Malicious code in gulp-inject-envs npm...

6.6AI score

Exploits0References1

OSSF Malicious Packages•added 2025/11/24 10:32 p.m.•5 views

Malicious code in gulp-inject-envs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d230a528331dc71aa1fa5cb1d9fd8146d79d7e92f3aae2efd2ce7c177640b337 The package gulp-inject-envs was found to contain malicious code. Source: ghsa-malware 5dafa09839ea07c586670ac1a302805fb65ffaf32d1641dcab2be569a68231...

6.9AI score

Exploits0References4

OSV•added 2025/11/24 10:32 p.m.•1 views

MAL-2025-191105 Malicious code in gulp-inject-envs (npm)

6.8AI score

Exploits0References4

vulnersOsv•added 2025/11/24 4:24 p.m.•7 views

ff-build (>=2.4.0 <=2.6.1) potentially affected by unknown CVE via gulp-inject-envs (=1.2.0)

gulp-inject-envs NPM version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on gulp-inject-envs and may be impacted: - ff-build =2.4.0, =2.6.1 Source cves: unknown CVE Source advisory: SNYK:JS-GULPINJECTENVS-14103633...

5.8AI score

Exploits0

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•4 views

Malicious code in gulp-parcel-bioinformatics-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e954d5023f3652da9264a4ff04b69f8bb31573498561742734a9118e944fb11b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

Exploits0

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•4 views

Malicious code in gulp-cluster-hermes-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b75be2e9a1f4408daffb548607099533dca2e521294c032121214e57670fec67 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

Exploits0

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-178626

Malicious code in gulp-rollup-plugin-carina-csv npm...

6.6AI score

Exploits0

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-178630

Malicious code in gulp-kinetic-mongodb-astrometry npm...

6.6AI score

Exploits0