CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/20 1:0 a.m.•3 views

MAL-2026-4532 Malicious code in code-tool-langfuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13591fd81486fc2001b5c998ff87badefcb81f4c396aa43675a7280a6fed23cf The package installs a Claude Code Stop hook and patches OpenCode plugin code so that every future AI session's user prompts, assistant responses, to...

OSV•added 2026/05/20 12:54 a.m.•6 views

Exploits0References5

MAL-2026-4579 Malicious code in hpsetup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ed0c34d69e1ea3c5052e3eed20b87fc47e8d4bf1393f7117d34b847347e12c When npx hpsetup runs, the tool fetches a tarball from https://hpsetup-cdn.932324.xyz/api/tarball//?key= and extracts it directly into...

6.3AI score

Exploits0References11

OSSF Malicious Packages•added 2026/05/20 12:46 a.m.•5 views

Malicious code in etherjs-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 335b4f699510e2bb1171a9137655f6977d5554f508e612eab97b4239c1249be1 package.json declares a postinstall script that performs an HTTPS GET to an ephemeral pinggy-free.link tunnel URL...

OSV•added 2026/05/20 12:46 a.m.•5 views

MAL-2026-4239 Malicious code in etherjs-utils (npm)

OSSF Malicious Packages•added 2026/05/20 12:44 a.m.•9 views

Malicious code in @mcpassure/mcp-cnes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 243d5ff1424c2d147ee05781c1889b007eb30e22a190bf6dc3973b676ea697a7 dist/bootstrap.js performs a fetch against https://pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev, an anonymous Cloudflare R2 bucket with no publisher...

5.9AI score

Exploits0References11

OSSF Malicious Packages•added 2026/05/20 12:37 a.m.•5 views

Malicious code in hardhat-gas-profiler-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c21e0ec3571fccc81c8e047835e84f75b6f0d95e2e4ee7e3d11537b99eab8115 Package impersonates the Hardhat plugin ecosystem real Hardhat plugins are published under @nomicfoundation/; the referenced github.com/hardhat/...

OSV•added 2026/05/20 12:37 a.m.•2 views

MAL-2026-4244 Malicious code in hardhat-gas-profiler-plugin (npm)

OSSF Malicious Packages•added 2026/05/20 12:35 a.m.•8 views

Malicious code in chainlink-price-feed-aggregator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 557bc05b86e81155a6305c13693641f32ca21520bac827af82b2a785f4f669d4 Package name impersonates Chainlink branding while being published by an unrelated identity author 'Web3 Developer Tools ', repo github.com/web3/...

OSV•added 2026/05/20 12:35 a.m.•2 views

MAL-2026-4233 Malicious code in chainlink-price-feed-aggregator (npm)

OSSF Malicious Packages•added 2026/05/20 12:21 a.m.•6 views

Malicious code in ganache-cli-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 144bbaf975156b3114f5526a7e9a8ffbe8eb411a541c7e457b7bf444200a02c5 Package name impersonates the widely-used ganache-cli Ethereum development tool but ships only a 138-byte index.js stub that wraps...

6AI score

OSV•added 2026/05/20 12:21 a.m.•3 views

MAL-2026-4243 Malicious code in ganache-cli-provider (npm)

6AI score

OSV•added 2026/05/20 12:21 a.m.•3 views

MAL-2026-4248 Malicious code in solna-web3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6076f4236301f997d420c7daba9b12c035fe2866fa9fa42f59be230b5e90350a Package name 'solna-web3' is a one-character typosquat of the popular '@solana/web3.js' drops the 'a' from 'solana'. The package's only real...

OSV•added 2026/05/20 12:9 a.m.•3 views

MAL-2026-4247 Malicious code in solana-pda-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 932b19a77a3ac634909a0f284df48d9b2a8b28f9c5370bd50306d7ba5a1335e9 On npm install, package.json's postinstall hook runs node -e to issue an https.get against...

OSSF Malicious Packages•added 2026/05/20 12:8 a.m.•5 views

Malicious code in foundry-deploy-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14ad9106b013b6e68056e1afe40a833d89b1c2037aab7b67d4b24bba1dbf4c77 package.json declares a postinstall hook that runs node -e with an inline childprocess.execSync invoking curl -fsSL...

OSV•added 2026/05/20 12:8 a.m.•2 views

MAL-2026-4241 Malicious code in foundry-deploy-helper (npm)

OSSF Malicious Packages•added 2026/05/20 12:0 a.m.•4 views

Malicious code in ethers-multicall-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe5e969b4ca41dbbd6ef1c04c12d48906ea4477b39493e766045effd4939d748 On npm install, the package's postinstall script spawns node -e to run an inline childprocess.execSync that curls a binary from...

OSV•added 2026/05/19 11:54 p.m.•5 views

MAL-2026-4451 Malicious code in @tailwind-core/vite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f9a00740b85c3ce7b36a9ba242f3eccc9ebf3d4f626ab911342c50d63b48805 The package name @tailwind-core/vite impersonates the official @tailwindcss/vite plugin from tailwindlabs, and its package.json declares three...

OSV•added 2026/05/19 11:53 p.m.•3 views

Exploits0References1

MAL-2026-4602 Malicious code in lokal-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04df34ff182a72a46dc032016ed38e0caf7452ac3b8d382bb15221706c01a9e8 index.js contains a hardcoded URL https://rettfrabonden.com referenced alongside process.env reads and fetch POST calls index.js line 24 defines the...

OSSF Malicious Packages•added 2026/05/19 11:51 p.m.•6 views

Exploits0References1

Malicious code in tubebrain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4773b7c6b3832dbd9b733f1bbe60d85f6a85a0764ad0c43345962c09add1cca lib/bootstrap.js contains a hardcoded outbound channel to https://transscendsurvival.org alongside calls to https://api.github.com and reads of...