40 matches found
Build Fast, Build Secure: Wiz findings are now in Lovable
With Wiz in Lovable, every builder can catch and fix risks in real time, keeping apps secure as they’re created...
Malicious Package
Overview: lovable-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: lovable-cookie-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: lovable-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious Package
Overview: lovable-loggers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-33738
Malicious code in lovable-ts npm...
Malicious code in lovable-ts (npm)
Source: ghsa-malware (2bdd25899ff870aeb3b0ade0eb3b9d360a82f3a71dd4dd872e8f3dc4019ce982). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview: lovable-ts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
MAL-2025-48300 Malicious code in lovable-ts (npm)
Source: ghsa-malware (2bdd25899ff870aeb3b0ade0eb3b9d360a82f3a71dd4dd872e8f3dc4019ce982). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Lovable VDP: Improper Authorization Leads to Editor can toggle admin-only workspace features (Lovable AI)
The API endpoint /workspaces//tool-preferences/aigateway/enable did not enforce proper authorization checks. As a result, an account with the Editor role was able to disable the workspace-wide admin-only Lovable AI feature, which powers key AI functionalities across the workspace...
Lovable VDP: Improper Authorization Leads to Editor can toggle admin-only workspace features (Lovable Cloud)
A vulnerability was discovered where an account with the Editor role could call an API endpoint that disabled workspace-wide admin-only features. This was due to a lack of server-side role checks, allowing a vertical privilege escalation...
EUVD-2025-16441
Malicious code in bioql PyPI...
EUVD-2025-32179
Malicious code in bioql PyPI...
EUVD-2025-32180
Malicious code in bioql PyPI...
Lovable VDP: Low-privileged user can enable or disable Lovable AI for new projects in workspace
A vulnerability was discovered that allowed low-privileged users to enable or disable Lovable AI for new projects in a workspace. The vulnerability was caused by improper authorization, which enabled low-privileged users to modify the Lovable AI settings by replaying certain API endpoints...
Malicious code in lovable-js (npm)
Source: ghsa-malware (903b816cc2c837a614d951c1cbb34aa264a93001e84b0c642687025ed9793e64). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lovable-react (npm)
Source: ghsa-malware (55d5b437f91405ceb1fe18cde50960c5b8ad03910dede2cbdd179627eed2d82e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview: lovable-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: lovable-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
MAL-2025-47887 Malicious code in lovable-js (npm)
Source: ghsa-malware (903b816cc2c837a614d951c1cbb34aa264a93001e84b0c642687025ed9793e64). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...