Lucene search
K

136739 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/07 12:0 a.m.6 views

CVE-2025-63704

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

5.8AI score0.00476EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.7 views

next-npm-version 1.0.1 安全漏洞

next-npm-version is a tool developed by Aric, a personal developer, for retrieving npm package versions. The version 1.0.1 of next-npm-version contains a security vulnerability, which stems from command injection...

9.8CVSS5.8AI score0.01523EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/06 11:50 p.m.10 views

NPM: Hono: bodyLimit() can be bypassed for chunked / unknown-length requests

NPM: Hono: bodyLimit can be bypassed for chunked / unknown-length requests vulnerability discovered by ? in WordPress Npm hono versions 4.12.16...

6.5CVSS5.8AI score0.00219EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/06 10:30 p.m.7 views

MAL-2026-3361 Malicious code in 24712-pl5004 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d79bb37b62b8d47ca459db0858a93ffb3c35e3791423c11a0853fb4ab17388e The package 24712-pl5004 was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/06 10:0 p.m.11 views

Malicious code in @paysafe-tracking/error-monitoring (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2acf9c4e0793663b7ca39f1c5c5a4646e8cecb488863494d904cdce97e01df The package @paysafe-tracking/error-monitoring was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/06 10:0 p.m.4 views

MAL-2026-3360 Malicious code in @paysafe-tracking/error-monitoring (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2acf9c4e0793663b7ca39f1c5c5a4646e8cecb488863494d904cdce97e01df The package @paysafe-tracking/error-monitoring was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
Patchstack
Patchstack
added 2026/05/06 5:5 p.m.9 views

NPM: Auth.js SDK has Improper Permission Checking

NPM: Auth.js SDK has Improper Permission Checking vulnerability discovered by ? in WordPress Npm auth0-js versions = 8.11.0, = 9.32.0...

5.8AI score0.00211EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/06 3:32 p.m.8 views

NPM: Flowise: Bcrypt Password Hash Exposure

NPM: Flowise: Bcrypt Password Hash Exposure vulnerability discovered by ? in WordPress Npm flowise versions = 3.0.12...

6.3CVSS5.8AI score0.00259EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/05/06 9:15 a.m.6 views

MAL-2026-3353 Malicious code in money-badger-open-rpc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a9d70a5231934ee14ab33334a3de0db40d5520fb4ef092a5a24cbdffff9751e The package money-badger-open-rpc was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/06 6:20 a.m.7 views

MAL-2026-3352 Malicious code in carbonite-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fec002c13bf1ef1b49658e5dc490ca30515cf414294154827adadab04cbc234 The package carbonite-internal was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/05 9:15 p.m.2 views

GHSA-JXH8-JH77-XH6G @evomap/evolver's validator sandbox allowlist permits `npm`/`npx`, yielding RCE from Hub-delivered validation tasks via lifecycle scripts

Summary The validator-mode sandbox executor src/gep/validator/sandboxExecutor.js places npm and npx in its hard executable allowlist. Because npm install and npx -y -p execute arbitrary code by design preinstall/install/postinstall lifecycle scripts and remote-package bin entries, and because...

8.1CVSS6.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/05 9:15 p.m.14 views

@evomap/evolver's validator sandbox allowlist permits `npm`/`npx`, yielding RCE from Hub-delivered validation tasks via lifecycle scripts

Summary The validator-mode sandbox executor src/gep/validator/sandboxExecutor.js places npm and npx in its hard executable allowlist. Because npm install and npx -y -p execute arbitrary code by design preinstall/install/postinstall lifecycle scripts and remote-package bin entries, and because...

6.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/05 6:43 p.m.7 views

NPM: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

NPM: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.23...

6.3AI score
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/05 1:35 p.m.5 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by CVE-2026-42439 via openclaw (>=2026.3.22 <=2026.4.1)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-42439 Source advisory: SNYK:JS-OPENCLAW-16420273...

8.5CVSS5.4AI score0.00242EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/05 11:51 a.m.8 views

Malicious code in trevlo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3414c71889d8ebf7ad09c9b0bf9ab63f8f6589e1e030e35e40a971b767f51ad1 The package trevlo was found to contain malicious code. Source: ghsa-malware 01d7778a4b391062b3f0b2200861fde5a0b4c750eb4ebab90d36940142ae9293 Any...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/05 11:40 a.m.6 views

MAL-2026-3339 Malicious code in nf-ui-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5d1fc3aadbb204f6da1c0db37a6e1b540bdcc3964bd033d5657a067d7e246cc The package nf-ui-components was found to contain malicious code. Source: ghsa-malware 4ab8cac0b0cae1864121f4fd7223e6cb7bb0168d113ece4974f94aae4e2418...

5.8AI score
Exploits0References1
Wolfi
Wolfi
added 2026/05/05 1:58 a.m.16 views

CVE-2026-41672 vulnerabilities

Vulnerabilities for packages: saf, npm, sqlpad...

8.7CVSS5.8AI score0.00365EPSS
Exploits0
Wolfi
Wolfi
added 2026/05/05 1:58 a.m.16 views

GHSA-X6WF-F3PX-WCQX vulnerabilities

Vulnerabilities for packages: saf, npm, sqlpad...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2026/05/05 1:58 a.m.15 views

GHSA-J759-J44W-7FR8 vulnerabilities

Vulnerabilities for packages: saf, npm, sqlpad...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2026/05/05 1:58 a.m.17 views

GHSA-2V35-W6HQ-6MFW vulnerabilities

Vulnerabilities for packages: saf, npm, sqlpad...

5.8AI score
Exploits0
Rows per page
Query Builder