Lucene search
K

195 matches found

cnnvd
cnnvd
added 2026/01/07 12:0 a.m.4 views

pnpm 安全漏洞

pnpm is a package manager in the pnpm open source. A security vulnerability exists in pnpm 10.26.2 and earlier versions, which stems from a missing integrity hash in the HTTP compressed package dependencies stored in the lock file, which could cause the server to serve different content...

8.8CVSS6.2AI score0.0031EPSS
Exploits1References3
filippoio
filippoio
added 2026/01/05 8:6 p.m.8 views

go.sum Is Not a Lockfile

I need everyone to stop looking at go.sum, especially to analyze dependency graphs. It is not a “lockfile,”1 and it has zero semantic effects on version resolution. There is truly no use case for ever parsing it outside of cmd/go. go.sum is only a local cache for the Go Checksum Database. It’s a...

7AI score
Exploits0
githubexploit
githubexploit
added 2025/12/06 2:41 a.m.443 views

Exploit for CVE-2025-66478

fix-react2shell-next One...

7.1AI score
Exploits111
githubexploit
githubexploit
added 2025/12/04 12:22 p.m.158 views

Exploit for CVE-2025-55182

🔍 Phoenix SCA Scanner - Universal - Version for CVE-2025-55182...

10CVSS7AI score0.99562EPSS
Exploits388
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-1999-1168

Malware in sbrugna...

4.6CVSS6.4AI score0.00307EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-1154

Malware in sbrugna...

2.1CVSS6.4AI score0.00231EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-15407

Malicious code in bioql PyPI...

8.3CVSS6.3AI score0.00352EPSS
Exploits1References7
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-1409

Malicious code in bioql PyPI...

10CVSS4.9AI score0.02675EPSS
Exploits1References4
ossf
ossf
added 2025/09/26 9:39 a.m.3 views

Malicious code in pnpm_prune_lockfile_v9 (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
osv
osv
added 2025/09/26 9:39 a.m.2 views

MAL-2025-47717 Malicious code in pnpm_prune_lockfile_v9 (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
osv
osv
added 2025/09/26 9:39 a.m.2 views

MAL-2025-47716 Malicious code in pnpm_prune_lockfile_v8 (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
ossf
ossf
added 2025/09/26 9:39 a.m.4 views

Malicious code in pnpm_prune_lockfile_v8 (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
ossf
ossf
added 2025/09/26 9:39 a.m.4 views

Malicious code in pnpm_lockfile_file_v9 (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
osv
osv
added 2025/09/26 9:39 a.m.3 views

MAL-2025-47715 Malicious code in pnpm_lockfile_file_v9 (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
ossf
ossf
added 2025/09/26 9:39 a.m.3 views

Malicious code in pnpm_lockfile_file_v8 (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
osv
osv
added 2025/09/26 9:39 a.m.2 views

MAL-2025-47714 Malicious code in pnpm_lockfile_file_v8 (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
osv
osv
added 2025/09/10 10:8 a.m.2 views

MAL-2025-47021 Malicious code in rushstack-lockfile-explorer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00ab388958610beed90f3054ac980a3e187917b93ec99f6f75cbeeff5c3f5dbe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
snyk
snyk
added 2025/09/10 10:8 a.m.2 views

Malicious Package

Overview rushstack-lockfile-explorer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score
Exploits0References2
ossf
ossf
added 2025/09/10 10:8 a.m.3 views

Malicious code in rushstack-lockfile-explorer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00ab388958610beed90f3054ac980a3e187917b93ec99f6f75cbeeff5c3f5dbe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
veracode
veracode
added 2025/05/21 3:8 p.m.9 views

Incorrect Behavior Order

lockfile-lint-api is vulnerable to Incorrect Behavior Order. The vulnerability is due to early validation of the resolved attribute in package URLs, which can be bypassed by extending the package name, allowing attackers to install unintended npm packages...

8.3CVSS6.6AI score0.00352EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder