Lucene search

136739 matches found

OSV
added 2026/05/11 4:56 p.m. | 6 views

MAL-2026-3508 Malicious code in crypto-javascri (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3f73f5a262aba7ba05c713d409646e419e998232fd536fd99c51750fa070699 The package crypto-javascri was found to contain malicious code. Source: google-open-source-security...

5.8 AI score
Exploits: 0 | References: 2

OSV
added 2026/05/11 4:25 p.m. | 5 views

MAL-2026-3507 Malicious code in @mimecast-ui/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e59a7d55636b02d0a28954889c22f021de5b4f33c525ce7712706df60cd9af3 The package @mimecast-ui/components was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits: 0

Patchstack
added 2026/05/11 2:50 p.m. | 14 views

NPM: Facebook React has a Denial of Service Vulnerability in React Server Components

NPM: Facebook React has a Denial of Service Vulnerability in React Server Components discovered by ? in WordPress Npm react-server-dom-turbopack versions = 19.0.0, 19.0.6...

7.5 CVSS | 5.8 AI score | 0.01533 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

OSSF Malicious Packages
added 2026/05/10 3:15 p.m. | 9 views

Malicious code in rsflows-pexml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ef5b11ec067e18cc3a024fee21e569e0f44cf180619e974cbb1dd8325e1b10c The package rsflows-pexml was found to contain malicious code. Source: ghsa-malware f1f4ac6cd17db4404613301b8405f7033d584985cb52af8c0aee3042bc1c0c8d...

5.6 AI score
Exploits: 0 | References: 1

OSV
added 2026/05/10 3:15 p.m. | 9 views

MAL-2026-3422 Malicious code in rsflows-pexml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ef5b11ec067e18cc3a024fee21e569e0f44cf180619e974cbb1dd8325e1b10c The package rsflows-pexml was found to contain malicious code. Source: ghsa-malware f1f4ac6cd17db4404613301b8405f7033d584985cb52af8c0aee3042bc1c0c8d...

5.6 AI score
Exploits: 0 | References: 1

OSV
added 2026/05/10 10:36 a.m. | 7 views

MAL-2026-3420 Malicious code in noon-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e2a4c1ac3896b7769b47ab6659bf7b0d49f229963c910d0c9b9be11c5291c12 The package noon-contracts was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits: 0

OSSF Malicious Packages
added 2026/05/10 12:0 a.m. | 15 views

Malicious code in erslove (npm)

erslove is a typosquatting package impersonating resolve, the module resolution library implementing require.resolve semantics. The package bundles the legitimate resolve source and test fixtures to appear functional while hiding a credential-theft payload in index1.js, executed at install time v...

5.8 AI score
Exploits: 0 | References: 1

OSV
added 2026/05/08 10:46 p.m. | 11 views

MAL-2026-3421 Malicious code in oneblk-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f46bbc3e155a30851463f65a3f9d5af33ebd5172df5ad70f7b022a77448fc6eb The package oneblk-design-system was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits: 0

Patchstack
added 2026/05/08 8:43 p.m. | 8 views

NPM: Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

NPM: Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability discovered by ? in WordPress Npm cline versions = 2.13.0...

5.8 AI score | 0.0018 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/05/08 7:23 p.m. | 7 views

MAL-2026-3400 Malicious code in typo-crypto (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64edea611ad8e383c09495a7a6f7afd4fb86b88136c331ddf787bf0285259bf3 The package typo-crypto was found to contain malicious code...

5.8 AI score
Exploits: 0

Patchstack
added 2026/05/08 5:15 p.m. | 8 views

NPM: fast-uri vulnerable to path traversal via percent-encoded dot segments

NPM: fast-uri vulnerable to path traversal via percent-encoded dot segments vulnerability discovered by ? in WordPress Npm fast-uri versions = 3.1.0...

7.5 CVSS | 5.8 AI score | 0.00521 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSSF Malicious Packages
added 2026/05/08 5:16 a.m. | 11 views

Malicious code in playgod (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0aee4818420709f0d12c4a32c97671628fffdb1255fefd1895b2c3f880f8b2b The package playgod was found to contain malicious code. Source: ossf-package-analysis a700663ab039dd35fa24734d883219fff845bb0c6017a5e0dcb0191dfa4676...

5.8 AI score
Exploits: 0

Patchstack
added 2026/05/08 12:31 a.m. | 16 views

NPM: short-video-maker has a path traversal vulnerability

NPM: short-video-maker has a path traversal vulnerability discovered by ? in WordPress Npm short-video-maker versions = 1.3.4...

6.9 CVSS | 6 AI score | 0.00575 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2026/05/07 5:32 p.m. | 4 views

GHSA-54PG-9963-V8VG Compromised version of intercom-client published to npm

Impact On April 30, 2026, version 7.0.4 of intercom-client was published to npm using credentials obtained from a compromised developer account. This version was not produced by Intercom's build pipeline. The malicious version contained an obfuscated JavaScript payload that executed during packag...

9.3 CVSS | 5.8 AI score
Exploits: 0 | References: 6

OSV
added 2026/05/07 3:55 a.m. | 4 views

MAL-2026-3363 Malicious code in mrdaa-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 757aca74d8d75ecde7421f2c632969a5b34c11a279d9d28b75755c2ca0825ceb The package mrdaa-frontend was found to contain malicious code. Source: ghsa-malware 0b6c586cd7adad52516658de8bbb3eb18f166350414f223fd73fe34a240d6948...

5.8 AI score
Exploits: 0 | References: 1

Wolfi
added 2026/05/07 2:1 a.m. | 14 views

GHSA-V2V4-37R5-5V8G vulnerabilities

Vulnerabilities for packages: code-server, prism, saf, opensearch-dashboards, lerna, pulumi, langfuse, npm, renovate, tileserver-gl, kubeflow-pipelines, sqlpad...

5.8 AI score
Exploits: 0

Wolfi
added 2026/05/07 2:1 a.m. | 17 views

CVE-2026-42338 vulnerabilities

Vulnerabilities for packages: code-server, prism, saf, opensearch-dashboards, lerna, pulumi, langfuse, npm, renovate, tileserver-gl, kubeflow-pipelines, sqlpad...

8.1 CVSS | 7.1 AI score | 0.00441 EPSS
Exploits: 1

Chainguard
added 2026/05/07 1:17 a.m. | 10 views

GHSA-V2V4-37R5-5V8G vulnerabilities

Vulnerabilities for packages: renovate, tileserver-gl-fips, opensearch-dashboards-fips, tileserver-gl, opensearch-dashboards, lerna, saf, wazuh-dashboard-fips, prism, kubeflow-pipelines, actions-runner, code-server, npm, langfuse, langfuse-fips, pulumi, sqlpad, librechat, wazuh-dashboard, kibana,...

5.8 AI score
Exploits: 0

Chainguard
added 2026/05/07 1:17 a.m. | 14 views

CVE-2026-42338 vulnerabilities

Vulnerabilities for packages: renovate, tileserver-gl-fips, opensearch-dashboards-fips, tileserver-gl, opensearch-dashboards, lerna, saf, wazuh-dashboard-fips, prism, kubeflow-pipelines, actions-runner, code-server, npm, langfuse, langfuse-fips, pulumi, sqlpad, librechat, wazuh-dashboard, kibana,...

8.1 CVSS | 7.1 AI score | 0.00441 EPSS
Exploits: 1

Cvelist
added 2026/05/07 12:0 a.m. | 30 views

CVE-2025-63706

NPM package next-npm-version1.0.1 is vulnerable to Command injection...

0.01523 EPSS
Exploits: 0 | References: 3