136739 matches found
MAL-2026-3508 Malicious code in crypto-javascri (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3f73f5a262aba7ba05c713d409646e419e998232fd536fd99c51750fa070699 The package crypto-javascri was found to contain malicious code. Source: google-open-source-security...
MAL-2026-3507 Malicious code in @mimecast-ui/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e59a7d55636b02d0a28954889c22f021de5b4f33c525ce7712706df60cd9af3 The package @mimecast-ui/components was found to contain malicious code. Source: ossf-package-analysis...
NPM: Facebook React has a Denial of Service Vulnerability in React Server Components
NPM: Facebook React has a Denial of Service Vulnerability in React Server Components discovered by ? in WordPress Npm react-server-dom-turbopack versions = 19.0.0, 19.0.6...
Malicious code in rsflows-pexml (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ef5b11ec067e18cc3a024fee21e569e0f44cf180619e974cbb1dd8325e1b10c The package rsflows-pexml was found to contain malicious code. Source: ghsa-malware f1f4ac6cd17db4404613301b8405f7033d584985cb52af8c0aee3042bc1c0c8d...
MAL-2026-3422 Malicious code in rsflows-pexml (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ef5b11ec067e18cc3a024fee21e569e0f44cf180619e974cbb1dd8325e1b10c The package rsflows-pexml was found to contain malicious code. Source: ghsa-malware f1f4ac6cd17db4404613301b8405f7033d584985cb52af8c0aee3042bc1c0c8d...
MAL-2026-3420 Malicious code in noon-contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e2a4c1ac3896b7769b47ab6659bf7b0d49f229963c910d0c9b9be11c5291c12 The package noon-contracts was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in erslove (npm)
erslove is a typosquatting package impersonating resolve, the module resolution library implementing require.resolve semantics. The package bundles the legitimate resolve source and test fixtures to appear functional while hiding a credential-theft payload in index1.js, executed at install time v...
MAL-2026-3421 Malicious code in oneblk-design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f46bbc3e155a30851463f65a3f9d5af33ebd5172df5ad70f7b022a77448fc6eb The package oneblk-design-system was found to contain malicious code. Source: ossf-package-analysis...
NPM: Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability
NPM: Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability discovered by ? in WordPress Npm cline versions = 2.13.0...
MAL-2026-3400 Malicious code in typo-crypto (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64edea611ad8e383c09495a7a6f7afd4fb86b88136c331ddf787bf0285259bf3 The package typo-crypto was found to contain malicious code...
NPM: fast-uri vulnerable to path traversal via percent-encoded dot segments
NPM: fast-uri vulnerable to path traversal via percent-encoded dot segments vulnerability discovered by ? in WordPress Npm fast-uri versions = 3.1.0...
Malicious code in playgod (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0aee4818420709f0d12c4a32c97671628fffdb1255fefd1895b2c3f880f8b2b The package playgod was found to contain malicious code. Source: ossf-package-analysis a700663ab039dd35fa24734d883219fff845bb0c6017a5e0dcb0191dfa4676...
NPM: short-video-maker has a path traversal vulnerability
NPM: short-video-maker has a path traversal vulnerability discovered by ? in WordPress Npm short-video-maker versions = 1.3.4...
GHSA-54PG-9963-V8VG Compromised version of intercom-client published to npm
Impact On April 30, 2026, version 7.0.4 of intercom-client was published to npm using credentials obtained from a compromised developer account. This version was not produced by Intercom's build pipeline. The malicious version contained an obfuscated JavaScript payload that executed during packag...
MAL-2026-3363 Malicious code in mrdaa-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 757aca74d8d75ecde7421f2c632969a5b34c11a279d9d28b75755c2ca0825ceb The package mrdaa-frontend was found to contain malicious code. Source: ghsa-malware 0b6c586cd7adad52516658de8bbb3eb18f166350414f223fd73fe34a240d6948...
GHSA-V2V4-37R5-5V8G vulnerabilities
Vulnerabilities for packages: code-server, prism, saf, opensearch-dashboards, lerna, pulumi, langfuse, npm, renovate, tileserver-gl, kubeflow-pipelines, sqlpad...
CVE-2026-42338 vulnerabilities
Vulnerabilities for packages: code-server, prism, saf, opensearch-dashboards, lerna, pulumi, langfuse, npm, renovate, tileserver-gl, kubeflow-pipelines, sqlpad...
GHSA-V2V4-37R5-5V8G vulnerabilities
Vulnerabilities for packages: renovate, tileserver-gl-fips, opensearch-dashboards-fips, tileserver-gl, opensearch-dashboards, lerna, saf, wazuh-dashboard-fips, prism, kubeflow-pipelines, actions-runner, code-server, npm, langfuse, langfuse-fips, pulumi, sqlpad, librechat, wazuh-dashboard, kibana,...
CVE-2026-42338 vulnerabilities
Vulnerabilities for packages: renovate, tileserver-gl-fips, opensearch-dashboards-fips, tileserver-gl, opensearch-dashboards, lerna, saf, wazuh-dashboard-fips, prism, kubeflow-pipelines, actions-runner, code-server, npm, langfuse, langfuse-fips, pulumi, sqlpad, librechat, wazuh-dashboard, kibana,...
CVE-2025-63706
NPM package next-npm-version1.0.1 is vulnerable to Command injection...