CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

311745 matches found

OSSF Malicious Packages•added 2026/05/23 10:18 p.m.•8 views

Malicious code in @gbrlxvii/ts-project-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccd044c036fa133a25ae5988694388a63c47a5edcf58c36d1dad610b8d1194a0 The package self-describes as a TypeScript linter but on require silently loads lib/perf.js wrapped in try/catch in index.js which performs...

5.9AI score

Exploits0References9

OSV•added 2026/05/23 10:18 p.m.•7 views

MAL-2026-4299 Malicious code in @gbrlxvii/ts-project-lint (npm)

5.9AI score

Exploits0References9

OSSF Malicious Packages•added 2026/05/23 6:19 p.m.•8 views

Malicious code in pewter-constantstest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 050b19d8dad7c8c1a626c953493c23b375e434128f38950625f82b0fb244eabe On npm install, the preinstall script callback.js collects the installer's hostname, OS username, current working directory, npm registry...

5.8AI score

Exploits0References1

OSV•added 2026/05/23 5:57 p.m.•4 views

MAL-2026-4384 Malicious code in @dreamlake/lakeshore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef6f14503697000ebd139364326d859a625a27a669e6f53b3e7a9388c3b0b25 On install, dist/cli/daemon/install.js fetches content from https://pub-c0109e197b4a4d1abe5884ac4dd3a023.r2.dev — an anonymous Cloudflare R2 bucket —...

6AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/23 5:57 p.m.•10 views

Malicious code in @dreamlake/lakeshore (npm)

6AI score

Exploits0References2

OSV•added 2026/05/23 3:34 p.m.•5 views

MAL-2026-4578 Malicious code in hiura-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ebb60061f29d4f4279bca1129ebfccefb928bd22364f26961205935ff71393f This is a fork of the Baileys WhatsApp library that adds undocumented behavior abusing the consumer's authenticated WhatsApp account for the author's...

5.8AI score

Exploits0References3

OSV•added 2026/05/23 2:17 a.m.•6 views

MAL-2026-4548 Malicious code in dds-js-idl-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68e8941c301603919022f1d67d311d576d5d5efcac7ed7cb0d3526cb71e829d6 On npm install, the package's postinstall.js runs whoami and reads os.hostname, os.platform, the current working directory, and CI-related environmen...

5.8AI score

Exploits0References2

OSV•added 2026/05/23 1:25 a.m.•6 views

MAL-2026-4683 Malicious code in tax4all-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 411707aa243c516b714830da4805c4abacaa4d5f7e2e8959773cd93468dd78aa The exported ContactForm Vue component in deploy/dist/index.js hardcodes form submissions to https://formsubmit.co/ajax/[email protected] — the...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/23 12:0 a.m.•9 views

Malicious code in llm-context-compressor (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

6AI score

Exploits0References7

OSSF Malicious Packages•added 2026/05/23 12:0 a.m.•10 views

Malicious code in dev-env-bootstrapper (npm)

6.2AI score

Exploits0References3

OSSF Malicious Packages•added 2026/05/23 12:0 a.m.•8 views

Malicious code in prompt-engineering-toolkit (npm)

6AI score

Exploits0References4

OSV•added 2026/05/23 12:0 a.m.•8 views

MAL-2026-4279 Malicious code in model-switch-router (npm)