CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/06/10 1:34 p.m.•6 views

Malicious Package

Overview npmjstruffle-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score

Snyk•added 2026/06/10 8:27 a.m.•9 views

Embedded Malicious Code

Overview @builder.io/dev-tools is a Builder.io Visual CMS Devtools Affected versions of this package are vulnerable to Embedded Malicious Code. The affected version contains malicious code, and its content was removed from the official package manager. While this package might be attempting to...

9.8CVSS5.4AI score

Snyk•added 2026/06/09 2:47 p.m.•4 views

Malicious Package

Overview clsx-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.5AI score

Snyk•added 2026/06/02 3:59 p.m.•6 views

Malicious Package

Overview chai-parse is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.5AI score

Wiz blog•added 2026/06/01 12:45 p.m.•21 views

Miasma: Supply Chain Attack Targeting RedHat npm Packages

Detect and mitigate malicious npm packages linked to the latest npm supply chain attack, based on the open sourced Mini Shai-Hulud malware...

OSSF Malicious Packages•added 2026/06/01 8:0 a.m.•12 views

Exploits0

Malicious code in @ownit/core (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

Snyk•added 2026/05/31 9:0 p.m.•7 views

Exploits0

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score

Snyk•added 2026/05/29 10:2 p.m.•10 views

Malicious Package

Overview nextjs-chat-with-ai-service is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•12 views

Malicious code in @car-loans/general-analytics (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

OSV•added 2026/05/28 12:0 a.m.•7 views

MAL-2026-5026 Malicious code in @mlspace/shared-storage (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•63 views

Malicious code in @cloudplatform-single-spa/monaas-ui (npm)

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•12 views

Malicious code in @cloudplatform-single-spa/dns (npm)