CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/06/08 9:0 a.m.•7 views

MAL-2026-5306 Malicious code in chai-mocks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e65359853241724a1b519599469dadfcd2b32674455db9fe5284cb7553a5ddf4 The package masquerades as a pino-style logger middleware but is a remote code loader. When the exported middleware is invoked, index.js spawns a...

6.5AI score

OSV•added 2026/06/08 2:31 a.m.•3 views

MAL-2026-5366 Malicious code in zer0one-dnslog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 903c45d49e6716373a67196c41e8acfbf8afa3320a635380ffe3403e8f127605 The package is published as a 'simple date formatting utility' but ships a postinstall payload that, on npm install, runs a curl pipeline against clo...

5.6AI score

Exploits0References10

OSSF Malicious Packages•added 2026/06/08 2:31 a.m.•6 views

Malicious code in zer0one-dnslog (npm)

5.6AI score

Exploits0References10

OSSF Malicious Packages•added 2026/06/06 7:29 p.m.•18 views

Malicious code in uisp-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 351b32a85d024168970d1a2e8b7c9c5e6ff6f1d31191390f248a988d9ea6b9a9 package.json declares preinstall: node index.js || true, causing index.js to run automatically on npm install. index.js issues a DNS resolution and...

5.5AI score

vulnersOsv•added 2026/06/05 3:21 p.m.•2 views

vantage6-algorithm-store (>=4.3.0 <=4.15.1rc1), vantage6-node (>=0.0.0 <=4.15.1rc1) +1 more potentially affected by CVE-2024-24769 via vantage6 (>=0.0.0 <=4.9.1)

vantage6 PYPI version =0.0.0, =4.3.0, =0.0.0, =0.0.0, =4.15.1rc1 Source cves: CVE-2024-24769 Source advisory: OSV:GHSA-5549-C5Q7-FJ65...

5.5AI score0.00051EPSS

Exploits0

OSV•added 2026/06/05 2:23 p.m.•7 views

MAL-2026-5270 Malicious code in reactvora (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1cfcb3bd27816a88e8b3dd4f1fac5c0378232af112bf70a452056a637ce7d131 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score

OSSF Malicious Packages•added 2026/06/05 12:53 a.m.•7 views

Malicious code in @ethlete/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

OSSF Malicious Packages•added 2026/06/05 12:53 a.m.•10 views

Malicious code in @ethlete/cdk (npm)

OSV•added 2026/06/05 12:53 a.m.•13 views

MAL-2026-5209 Malicious code in @vapi-ai/server-sdk (npm)

OSV•added 2026/06/05 12:53 a.m.•5 views

MAL-2026-5259 Malicious code in github-archiver (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d36f95b6a426c5832df260fb417a52efac5da2bef351a5fff36d136ce229157 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/06/05 12:53 a.m.•7 views

Exploits0References3

MAL-2026-5210 Malicious code in ai-sdk-ollama (npm)

OSV•added 2026/06/04 9:5 p.m.•5 views

ROOT-APP-NPM-CVE-2026-44005 CVE-2026-44005 in @rootio/vm2 - Patched by Root

Root has patched CVE-2026-44005 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

10CVSS6AI score0.00117EPSS

Exploits1

OSSF Malicious Packages•added 2026/06/04 8:49 p.m.•12 views

Malicious code in hello244a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02e5f7412a9593e0ec3d0d8c28082c01edff82746bd48966c6fb88a3b1f88866 The package contains no library code, no main entry, and no documented functionality. Its only file is package.json, which declares a postinstall...

5.4AI score

Exploits0References5

OSV•added 2026/06/04 7:49 p.m.•1 views

ROOT-APP-NPM-CVE-2022-33987 CVE-2022-33987 in @rootio/got - Patched by Root

Root has patched CVE-2022-33987 in the @rootio/got package for Root:npm. Multiple fixed versions available...

5.3CVSS8.1AI score0.00847EPSS

Exploits0

OSV•added 2026/06/04 7:49 p.m.•4 views

ROOT-APP-NPM-CVE-2025-64718 CVE-2025-64718 in @rootio/js-yaml - Patched by Root

Root has patched CVE-2025-64718 in the @rootio/js-yaml package for Root:npm. Multiple fixed versions available...

5.3CVSS5.4AI score0.00025EPSS

Exploits0

OSV•added 2026/06/04 6:55 p.m.•19 views

MAL-2026-5187 Malicious code in supabase (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa2bdcc065a6d4c2b1512f8b68fed22618050c0435c12890c74a2f1405c62093 Withdrawn Advisory This advisory has been withdrawn because the malware detection was a false positive. This link is maintained to preserve external...

5.5AI score

OSSF Malicious Packages•added 2026/06/04 6:54 p.m.•10 views

Malicious code in autotel-terminal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eecd710c08cdc339632aae89ee93e200267cea1c34d6b429ca9202265480842f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/06/04 12:5 p.m.•5 views

Exploits0References3

Malicious code in cms-store-ren (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3593e36ce898d648883ea6f911a5cec1f75f9e8bda5585f7ff5f8754c821de The package's scripts.install runs install.js on every npm install. The script unconditionally POSTs the installer's hostname, OS, and architecture t...

6.4AI score

OSV•added 2026/06/04 12:5 p.m.•5 views

MAL-2026-5364 Malicious code in cms-store-ren (npm)

6.4AI score