Lucene search
+L

728 matches found

osv
osv
added 2026/07/06 6:53 p.m.6 views

MAL-2026-6845 Malicious code in lint-nuler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3f9e0e240b15ecbe934992f121b12fa84d736e4432e20346c7860941517acaf2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
ossf
ossf
added 2026/07/06 6:53 p.m.9 views

Malicious code in lint-nuler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3f9e0e240b15ecbe934992f121b12fa84d736e4432e20346c7860941517acaf2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
osv
osv
added 2026/06/30 2:10 p.m.9 views

MAL-2026-6677 Malicious code in ts-lint-builders-v2.1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fc4c23edadea0930347028a24b67219dad6d3cbc4ec0fe1f93e8954425107ad On npm install, the package's postinstall hook node test.js executes a multi-stage attack against the installer. 1 It recursively scans the current...

5.8AI score
Exploits0References2
ossf
ossf
added 2026/06/30 2:10 p.m.13 views

Malicious code in ts-lint-builders-v2.1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fc4c23edadea0930347028a24b67219dad6d3cbc4ec0fe1f93e8954425107ad On npm install, the package's postinstall hook node test.js executes a multi-stage attack against the installer. 1 It recursively scans the current...

5.8AI score
Exploits0References2
ossf
ossf
added 2026/06/24 6:26 a.m.12 views

Malicious code in bn-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c14057d91b2283926b2b0c1093a66db17c40efbd0ceb21c29b0bdbfa79736da5 Package is published as 'bn-lint' but ships a verbatim copy of MikeMcl/big.js README, source, version banner v7.0.1, and repo URL all identify as...

5.9AI score
Exploits0References2
osv
osv
added 2026/06/24 6:26 a.m.8 views

MAL-2026-6376 Malicious code in bn-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c14057d91b2283926b2b0c1093a66db17c40efbd0ceb21c29b0bdbfa79736da5 Package is published as 'bn-lint' but ships a verbatim copy of MikeMcl/big.js README, source, version banner v7.0.1, and repo URL all identify as...

5.9AI score
Exploits0References2
osv
osv
added 2026/06/10 8:12 a.m.5 views

SUSE-SU-2026:22066-1 Security update for elemental-operator

This update for elemental-operator fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260277. Changes for elemental-operator: - Fix substitution - Fix reference in labels - Adapt labels to pass...

9.6CVSS6.8AI score0.00781EPSS
Exploits2References16
pypa
pypa
added 2026/06/09 11:16 p.m.10 views

PYSEC-2026-210

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1Affected Software1
ossf
ossf
added 2026/06/08 9:27 a.m.13 views

Malicious code in nodemon-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51b598671d8b4d96e826035c56685f7064e10dbcf7cf150e7ab4b2bd9194ad9a Package is published as nodemon-lint but its package.json, README, bin name nodemon, homepage nodemon.io, and source tree are a verbatim copy of Remy...

5.9AI score
Exploits0References2
snyk
snyk
added 2026/06/08 9:27 a.m.8 views

Malicious Package

Overview nodemon-lint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
osv
osv
added 2026/06/08 9:27 a.m.15 views

MAL-2026-5309 Malicious code in nodemon-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51b598671d8b4d96e826035c56685f7064e10dbcf7cf150e7ab4b2bd9194ad9a Package is published as nodemon-lint but its package.json, README, bin name nodemon, homepage nodemon.io, and source tree are a verbatim copy of Remy...

6.1AI score
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:37 p.m.14 views

CVE-2026-29051

melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and...

4.4CVSS5.7AI score0.00172EPSS
Exploits0References1
ossf
ossf
added 2026/05/25 8:1 a.m.15 views

Malicious code in lint-builder-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82c210e5583e971220a00f5aada2972877928cbc0187f17b034c9112c4b87099 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
snyk
snyk
added 2026/05/25 8:1 a.m.19 views

Malicious Package

Overview lint-builder-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
osv
osv
added 2026/05/25 8:1 a.m.10 views

MAL-2026-4319 Malicious code in lint-builder-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82c210e5583e971220a00f5aada2972877928cbc0187f17b034c9112c4b87099 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
ossf
ossf
added 2026/05/23 10:18 p.m.15 views

Malicious code in @gbrlxvii/ts-project-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccd044c036fa133a25ae5988694388a63c47a5edcf58c36d1dad610b8d1194a0 The package self-describes as a TypeScript linter but on require silently loads lib/perf.js wrapped in try/catch in index.js which performs...

5.9AI score
Exploits0References9
osv
osv
added 2026/05/23 10:18 p.m.13 views

MAL-2026-4299 Malicious code in @gbrlxvii/ts-project-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccd044c036fa133a25ae5988694388a63c47a5edcf58c36d1dad610b8d1194a0 The package self-describes as a TypeScript linter but on require silently loads lib/perf.js wrapped in try/catch in index.js which performs...

5.9AI score
Exploits0References9
osv
osv
added 2026/05/22 7:15 a.m.9 views

MAL-2026-4572 Malicious code in get-package-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 383f22ab2e1e8bbb44a44fa3828710f476947837d0b38aa9266eafcbf9959261 Package name typosquats the popular get-package-type and reuses its README/exports verbatim, but adds "postinstall": "node utils.cjs" in package.json...

5.8AI score
Exploits0References1
ossf
ossf
added 2026/05/22 7:15 a.m.14 views

Malicious code in get-package-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 383f22ab2e1e8bbb44a44fa3828710f476947837d0b38aa9266eafcbf9959261 Package name typosquats the popular get-package-type and reuses its README/exports verbatim, but adds "postinstall": "node utils.cjs" in package.json...

5.8AI score
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Ruby-Rack

A sequence injection vulnerability exists in Rack versions 2.0.9.1, 2.1.4.1, and 2.2.3.1. This vulnerability could allow for shell escapes in the Lint and CommonLogger components of Rack...

10CVSS6.7AI score0.01801EPSS
Exploits0References2
Rows per page
Query Builder