Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

47 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 7:0 p.m.7 views

Malicious code in workrally (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 502275ca25c6fb0e28db57d91789be11e347b5f21696ed45e15c015d123eaf51 dist/index.js imports childprocess and runs whoami observed at multiple call sites, then POSTs the result to a hardcoded remote URL...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/14 7:25 p.m.10 views

Malicious code in prettier-lint-lenz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28f7035dda69170600724a31f4b3543e02ac23c9153f3a62c35f2ee5264eef44 Package impersonates the popular prettier formatter — README and description are copied verbatim from the real Prettier project, but the package ship...

5.9AI score
Exploits0References2
OSV
OSVadded 2026/05/14 7:25 p.m.5 views

MAL-2026-3769 Malicious code in prettier-lint-lenz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28f7035dda69170600724a31f4b3543e02ac23c9153f3a62c35f2ee5264eef44 Package impersonates the popular prettier formatter — README and description are copied verbatim from the real Prettier project, but the package ship...

5.9AI score
Exploits0References2
OSV
OSVadded 2026/05/12 7:41 a.m.4 views

MAL-2026-3692 Malicious code in guan (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e04a9a658bc7616e72a5edf276dd049e5b697f2492c46929caf2e01fac95d84 The top-level src/guan/init.py unconditionally calls statisticsofguanpackage on every import guan. That function in src/guan/others.py opens a raw TC...

5.8AI score
Exploits0References2
Hacker One
Hacker Oneadded 2025/04/09 1:7 p.m.90 views

Bykea: IDOR on in-app hardcoded zombie endpoint

The researcher discovered an Insecure Direct Object Reference IDOR vulnerability in a hardcoded legacy zombie endpoint that was no longer actively used but remained accessible. By reverse engineering the Android app and reviewing the code for unused endpoints, the sensitive details related to...

7.1AI score
Exploits0
Github Security Blog
Github Security Blogadded 2021/01/29 8:51 p.m.52 views

Steam Socialite Provider v1 does not correctly validate openid server

Impact The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own openID server. Patches This vulnerability only affects the outdated v1.x versions of the package. These are no longer...

3.1AI score
Exploits0References3Affected Software1
OSV
OSVadded 2021/01/29 8:51 p.m.17 views

GHSA-HHW9-35P2-Q2C5 Steam Socialite Provider v1 does not correctly validate openid server

Impact The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own openID server. Patches This vulnerability only affects the outdated v1.x versions of the package. These are no longer...

6.9AI score
Exploits0References2
Rows per page
Query Builder