CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

722 matches found

Astra Linux – Vulnerability in Ruby-Rack

A sequence injection vulnerability exists in Rack versions 2.0.9.1, 2.1.4.1, and 2.2.3.1. This vulnerability could allow for shell escapes in the Lint and CommonLogger components of Rack...

10CVSS6.7AI score0.01801EPSS

Exploits0References2

OSV•added 2026/06/10 8:12 a.m.•3 views

SUSE-SU-2026:22066-1 Security update for elemental-operator

This update for elemental-operator fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260277. Changes for elemental-operator: - Fix substitution - Fix reference in labels - Adapt labels to pass...

9.6CVSS6.8AI score0.00565EPSS

Exploits2References16

PyPA•added 2026/06/09 11:16 p.m.•6 views

PYSEC-2026-210

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...

7.5CVSS5.5AI score0.00263EPSS

Exploits0References1Affected Software1

OSV•added 2026/06/08 9:27 a.m.•12 views

MAL-2026-5309 Malicious code in nodemon-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e62de7b45c63185183f5fe120bd363a176f70cb28d4abfeec9a3686b320a0b96 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score

Exploits0References1

OSSF Malicious Packages•added 2026/06/08 9:27 a.m.•10 views

Malicious code in nodemon-lint (npm)

5.5AI score

Exploits0References1

Snyk•added 2026/06/08 9:27 a.m.•5 views

Malicious Package

Overview nodemon-lint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score

Exploits0References2

RedhatCVE•added 2026/06/05 7:37 p.m.•8 views

CVE-2026-29051

melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and...

4.4CVSS5.7AI score0.00172EPSS

Exploits0References1

Snyk•added 2026/05/25 8:1 a.m.•12 views

Malicious Package

Overview lint-builder-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/25 8:1 a.m.•13 views

Malicious code in lint-builder-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82c210e5583e971220a00f5aada2972877928cbc0187f17b034c9112c4b87099 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

OSV•added 2026/05/25 8:1 a.m.•8 views

MAL-2026-4319 Malicious code in lint-builder-logger (npm)

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/23 10:18 p.m.•10 views

Malicious code in @gbrlxvii/ts-project-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccd044c036fa133a25ae5988694388a63c47a5edcf58c36d1dad610b8d1194a0 The package self-describes as a TypeScript linter but on require silently loads lib/perf.js wrapped in try/catch in index.js which performs...

5.9AI score

Exploits0References9

OSV•added 2026/05/23 10:18 p.m.•8 views

MAL-2026-4299 Malicious code in @gbrlxvii/ts-project-lint (npm)

5.9AI score

Exploits0References9

vulnersOsv•added 2026/05/22 7:15 a.m.•4 views

karma-runner (=6.4.5), moment-om (=2.30.3) potentially affected by unknown CVE via get-package-lint (=0.1.0)

get-package-lint NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on get-package-lint and may be impacted: - karma-runner =6.4.5 - moment-om =2.30.3 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4572...

5.5AI score

Exploits0

OSSF Malicious Packages•added 2026/05/22 7:15 a.m.•12 views

Malicious code in get-package-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 383f22ab2e1e8bbb44a44fa3828710f476947837d0b38aa9266eafcbf9959261 Package name typosquats the popular get-package-type and reuses its README/exports verbatim, but adds "postinstall": "node utils.cjs" in package.json...

5.8AI score

Exploits0References1

OSV•added 2026/05/22 7:15 a.m.•6 views

MAL-2026-4572 Malicious code in get-package-lint (npm)

5.8AI score

Exploits0References1

OSV•added 2026/05/19 12:0 a.m.•8 views

MAL-2026-4123 Malicious code in @lint-md/cli (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•14 views

Malicious code in @lint-md/parser (npm)

5.8AI score

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•10 views

Malicious code in @lint-md/cli (npm)

5.8AI score

Exploits0References5

OSV•added 2026/05/19 12:0 a.m.•8 views

MAL-2026-4145 Malicious code in lint-md-cli (npm)