
136739 matches found

OSSF Malicious Packages
added 2026/04/20 3:46 p.m. | 9 views

Malicious code in internal_insights_enabled (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b767ca0c2e6450230a1b4d2bfa3f974fc6e9cac87198adb5c3084ea5f6dcd5f7 The package internalinsightsenabled was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0 | References: 1

OSV
added 2026/04/20 3:46 p.m. | 9 views

MAL-2026-2959 Malicious code in internal_insights_enabled (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b767ca0c2e6450230a1b4d2bfa3f974fc6e9cac87198adb5c3084ea5f6dcd5f7 The package internalinsightsenabled was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0 | References: 1

OSV
added 2026/04/20 2:21 p.m. | 7 views

MAL-2026-2951 Malicious code in hifromhere1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82931dc7313b2b9b93b8664655cbe445702e0fdcf1cc7e587b27758d2ef9cda1 The package hifromhere1 was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.7
Exploits: 0

OSSF Malicious Packages
added 2026/04/20 1:39 p.m. | 7 views

Malicious code in tailwind-text-fill (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe1d70f1253bacbb57d827b49a08cede06a039323a86af19cebaa08cefe2cbdd The package tailwind-text-fill was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0 | References: 1

Snyk
added 2026/04/20 1:34 p.m. | 6 views

Malicious Package

Overview tailwindthml-flips is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS: 9.8 | AI score: 5.7
Exploits: 0 | References: 2

CISA
added 2026/04/20 12:0 p.m. | 15 views

Supply Chain Compromise Impacts Axios Node Package Manager

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm). Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environments...

AI score: 6
Exploits: 0 | References: 9

OSV
added 2026/04/20 6:34 a.m. | 5 views

MAL-2026-2938 Malicious code in bignum-ts-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9302a5bb5d61b77b3bb20e1bc630cfc2ef2411f09200b10b9b3bdf3afbb21d11 The package bignum-ts-v2 was found to contain malicious code. Source: ghsa-malware cbe2f3378d63ab27729cde1a688d110842d5efda3b4e1e88c2eacf54161b4f0f A...

AI score: 5.7
Exploits: 0 | References: 1

OSV
added 2026/04/20 6:32 a.m. | 6 views

MAL-2026-2935 Malicious code in @tushar-br/desktop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c25eb4a54e706177aecf51b4124524e6e7d0534b02d9b8e6970169a9df8189ef The package @tushar-br/desktop was found to contain malicious code. Source: ghsa-malware...

AI score: 5.7
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/04/20 6:23 a.m. | 12 views

Malicious code in krdfonts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a15ce04475542747dedb873a3b01d84d049ca808da879da611089e66db7e434e The package krdfonts was found to contain malicious code. Source: ghsa-malware 4e5c97aa939f62290759af39ce8ffae53746a8b7e48e2f72e8972573fede14b6 Any...

AI score: 5.7
Exploits: 0 | References: 1

OSV
added 2026/04/20 6:15 a.m. | 5 views

MAL-2026-2940 Malicious code in mailcraftjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27f66d32585597a7eeaa611a0c5f0fd20ee5a035d98d00ace5c0a333ae36b5be The package mailcraftjs was found to contain malicious code. Source: ghsa-malware bc9eb14094700cd30fbd04c4f4b7e75c8971e1ceb5442320dba55befe0fdccb7 An...

AI score: 5.7
Exploits: 0 | References: 1

OSV
added 2026/04/20 6:15 a.m. | 5 views

MAL-2026-2943 Malicious code in turbo-he (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1da17bf1f37303e3d91056c1ce674462279861bc896e413f1d262548ff6b3647 The package turbo-he was found to contain malicious code. Source: ghsa-malware 6bd9985ec0cf97c08347814d88b84c1c12cd8f22507a76e2a78cacb06c6840a6 Any...

AI score: 5.7
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/04/19 5:21 p.m. | 8 views

Malicious code in pa-marked (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e01d64e50dea2a8be10707dbd49869a6bcea570bf26829a1738ca2237882249 The package pa-marked was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.7
Exploits: 0

OSV
added 2026/04/18 7:55 a.m. | 7 views

MAL-2026-2918 Malicious code in apple-cloudkit-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cfcd7e5376478b86db5942e2492ae0763bad14dda004c55988edf420f5e62ce The package apple-cloudkit-internal was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/04/18 6:43 a.m. | 10 views

Malicious code in ac-sasskit-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c88124eb460a9e33e146185720f25d78918a3b360c1e41d55889b0b392f7ef5f The package ac-sasskit-internal was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0 | References: 1

vulnersOsv
added 2026/04/17 10:16 p.m. | 7 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +14 more potentially affected by CVE-2026-43530 via openclaw (>=2026.3.22 <=2026.4.11)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 and more Source cves: CVE-2026-43530 Source advisory: SNYK:JS-OPENCLAW-16109736...

CVSS: 8.8 | AI score: 5.4 | EPSS: 0.00356
Exploits: 0

vulnersOsv
added 2026/04/17 9:57 p.m. | 10 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +15 more potentially affected by CVE-2026-43526 via openclaw (>=0.0.1 <=2026.4.11)

openclaw NPM version =0.0.1, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 and more Source cves: CVE-2026-43526 Source advisory: OSV:GHSA-2767-2Q9V-9326...

CVSS: 9.3 | AI score: 5.4 | EPSS: 0.00251
Exploits: 0

Github Security Blog
added 2026/04/17 9:55 p.m. | 8 views

OpenClaw: Empty approver lists could grant explicit approval authorization

Summary Empty approver lists could grant explicit approval authorization. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.12 Impact For helper-backed channels, an empty resolved approver list could be interpreted as explicit approval authorization,...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00244
Exploits: 0 | References: 6 | Affected Software: 1

vulnersOsv
added 2026/04/17 9:54 p.m. | 8 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +14 more potentially affected by CVE-2026-43584 via openclaw (>=0.0.1 <=2026.4.1)

openclaw NPM version =0.0.1, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 and more Source cves: CVE-2026-43584 Source advisory: OSV:GHSA-VFP4-8X56-J7C5...

CVSS: 8.8 | AI score: 5.4 | EPSS: 0.00392
Exploits: 0

Github Security Blog
added 2026/04/17 9:32 p.m. | 11 views

Complete Bypass of CVE-2026-24884 Patch via Git-Delivered Symlink Poisoning in compressing

Executive Summary This report documents a critical security research finding in the compressing npm package specifically tested on the latest v2.1.0. The core vulnerability is a Partial Fix Bypass of CVE-2026-24884. The current patch relies on a purely logical string validation within the...

CVSS: 8.4 | AI score: 6 | EPSS: 0.00334
Exploits: 2 | References: 3 | Affected Software: 1

OSV
added 2026/04/17 9:1 p.m. | 6 views

MAL-2026-2926 Malicious code in material-ui-plugin-cache-endpoint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45efd49ad74d002b46224881218cf53c763e58c0b71ed3d3ff3a79d1021f3a64 The package material-ui-plugin-cache-endpoint was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0 | References: 1