Lucene search
K

234891 matches found

OSV
OSV
added 2026/04/02 12:10 p.m.5 views

MAL-2026-2427 Malicious code in partner-tracker-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abcff950068cf454cf07ead8614f95dd6291f4204f72ada102c7b4c3d72c0cd1 The package partner-tracker-api was found to contain malicious code. Source: ghsa-malware...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/02 12:10 p.m.3 views

Malicious code in vv-ftend-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3096bbbc1b06c1a0df854ff812112a3d902b8a5c8926880c146f8b36e8497897 The package vv-ftend-core was found to contain malicious code. Source: ghsa-malware 31aa4449ee3c83b67dd8e118498746b83b9b02e0d8fe6c095f6d08f6c7a9b62e...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/04/02 11:28 a.m.3 views

MAL-2026-2421 Malicious code in @mgcrae/pino-pretty-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c31dc9253706aebd955016075e321d19d7dfc9b231882d7b24a6c932fa3dfa80 The package @mgcrae/pino-pretty-logger was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/01 9:19 p.m.6 views

@01.software/cli (>=0.1.1 <=0.2.0-dev.260310.cf511cb), @01.software/sdk (>=0.0.1-251008.90016 <=0.3.0) +33 more potentially affected by CVE-2026-34747 via payload (>=3.0.0-alpha.46 <=3.79.0)

payload NPM version =3.0.0-alpha.46, =0.1.1, =0.0.1-251008.90016, =0.0.6, =0.0.3, =1.0.1-beta.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =3.64.0, =0.0.1-beta.0, =0.2.0, =0.2.14 and more Source cves: CVE-2026-34747 Source advisory: SNYK:JS-PAYLOAD-15873855...

8.5CVSS5.8AI score0.00317EPSS
Exploits0
EUVD
EUVD
added 2026/04/01 6:36 p.m.3 views

EUVD-2026-17958

An unauthenticated remote code execution RCE vulnerability exists in applications that use the Replicator node package manager npm version 1.0.5 to deserialize untrusted user input and execute the resulting object...

6.5CVSS6.5AI score0.00368EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/01 6:36 p.m.8 views

Replicator deserializes untrusted user input

An unauthenticated Remote Code Execution RCE vulnerability exists in applications that use the Replicator node package manager npm version 1.0.5 to deserialize untrusted user input and execute the resulting object...

6.5CVSS6AI score0.00368EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/01 4:11 p.m.23 views

CVE-2026-2265 Replicator 1.0.5 is vulnerable to Remote Code Execution through Insecure Deserialization

An unauthenticated remote code execution RCE vulnerability exists in applications that use the Replicator node package manager npm version 1.0.5 to deserialize untrusted user input and execute the resulting object...

0.00368EPSS
Exploits0References3
OSV
OSV
added 2026/04/01 9:11 a.m.6 views

MAL-2026-2323 Malicious code in ethersproject-wallet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b1c992cfad672d784afa83763c813b657de3834631b9dd92b6aaa7237e87440 The package ethersproject-wallet was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/01 9:11 a.m.15 views

Malicious code in raydium-bs58 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 866a59b63d949dfe36c6082c9daa6fddcb18993724e9980c245a49ff59944fee The package raydium-bs58 was found to contain malicious code. Source: ghsa-malware b6ba968c5cb1e12fc81fc5ed1694c2221b6ac0299199508b80100927801f07f3 A...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/01 9:11 a.m.10 views

Malicious code in bs58-basic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56502a3bb31374f7cf0d79d8abc98ccac595ca94fe2b9720daeeb9217901c9e0 The package bs58-basic was found to contain malicious code. Source: ghsa-malware 5101b36fd690268aa870c7d458d29e404540f3d3cc29dd19404137ca9f618f56 Any...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/01 9:11 a.m.14 views

Malicious code in base-x-64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2486f9bad36944300cb58e1a73a370afef7be10040daf814861d1b1a6287cdb8 The package base-x-64 was found to contain malicious code. Source: ghsa-malware d09ca9d36cb3821dc878f97db3b7e8ddef6f5f8e390373492186d10b668718f3 Any...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/04/01 9:10 a.m.6 views

MAL-2026-2324 Malicious code in jellyfi-pino-pretty-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d1230eb2336763c228ba6ac98d349f8cc64a1ae28755d8da374f336e77aa928 The package jellyfi-pino-pretty-logger was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/04/01 9:10 a.m.5 views

MAL-2026-2321 Malicious code in base58-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3507af35455908a5b982b470adae215c0ee155a68cbe2a6a59a1f3b6bd98f342 The package base58-engine was found to contain malicious code. Source: ghsa-malware 9f811caacac31851267205cb855bc06a1a39a198f98d9510f12e27dfba097f83...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/01 9:10 a.m.14 views

Malicious code in @logcore/pino-pretty-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a729cc1811bd1bc1fa94404ad4bcd8376c1a29b90311fd2a89efecff51fe592 The package @logcore/pino-pretty-logger was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/01 9:10 a.m.13 views

Malicious code in base-or-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2deff4ab9db147fda78b79b3687e76c9d46381670c58924f03f852518002a649 The package base-or-engine was found to contain malicious code. Source: ghsa-malware d6d4b7d60db50af8f8a9614f9ac0a742cf6472998e11e6233c6190b518332958...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/01 9:10 a.m.11 views

Malicious code in base58-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3507af35455908a5b982b470adae215c0ee155a68cbe2a6a59a1f3b6bd98f342 The package base58-engine was found to contain malicious code. Source: ghsa-malware 9f811caacac31851267205cb855bc06a1a39a198f98d9510f12e27dfba097f83...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/04/01 9:10 a.m.5 views

MAL-2026-2325 Malicious code in jonas-prettier-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28f4e8e2d6e083733be2f7a98647f2a7267b3be203837f3081b4884ef3b926a0 The package jonas-prettier-logger was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
The Hacker News
The Hacker News
added 2026/04/01 6:12 a.m.5 views

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence AI coding assistant, Claude Code, had been inadvertently released due to a human error. "No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson said in a statement...

6.1AI score
Exploits0
OSV
OSV
added 2026/03/31 6:13 p.m.4 views

MAL-2026-2314 Malicious code in @c8o/nimbus-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8225c79aa127203c225df747705db370e11cfae184af100a063b2dfa4eb20eb8 The package @c8o/nimbus-core was found to contain malicious code. Source: ghsa-malware 23fd3197db4264e7b8ef6d65380e017c5b205b46a8e732df586feffcf3c7c7...

5.8AI score
Exploits0References1
Wiz blog
Wiz blog
added 2026/03/31 8:26 a.m.5 views

Axios NPM Distribution Compromised in Supply Chain Attack

A compromised axios maintainer account led to malicious npm releases that propagated across environments. Learn how to assess impact, detect compromise, and secure your development workflows...

5.9AI score
Exploits0
Rows per page
Query Builder