136589 matches found

Patchstack
added 2026/05/08 5:15 p.m. | 4 views

NPM: fast-uri vulnerable to path traversal via percent-encoded dot segments

NPM: fast-uri vulnerable to path traversal via percent-encoded dot segments vulnerability discovered by ? in WordPress Npm fast-uri versions = 3.1.0...

7.5 CVSS | 5.8 AI score | 0.00053 EPSS
Exploits 0 | References 4 | Affected Software 1

OSSF Malicious Packages
added 2026/05/08 5:16 a.m. | 5 views

Malicious code in playgod (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0aee4818420709f0d12c4a32c97671628fffdb1255fefd1895b2c3f880f8b2b The package playgod was found to contain malicious code. Source: ossf-package-analysis a700663ab039dd35fa24734d883219fff845bb0c6017a5e0dcb0191dfa4676...

5.8 AI score
Exploits 0

Patchstack
added 2026/05/08 12:31 a.m. | 10 views

NPM: short-video-maker has a path traversal vulnerability

NPM: short-video-maker has a path traversal vulnerability discovered by ? in WordPress Npm short-video-maker versions = 1.3.4...

6.9 CVSS | 6 AI score | 0.00018 EPSS
Exploits 0 | References 7 | Affected Software 1

OSV
added 2026/05/07 5:32 p.m. | 1 views

GHSA-54PG-9963-V8VG Compromised version of intercom-client published to npm

Impact On April 30, 2026, version 7.0.4 of intercom-client was published to npm using credentials obtained from a compromised developer account. This version was not produced by Intercom's build pipeline. The malicious version contained an obfuscated JavaScript payload that executed during packag...

9.3 CVSS | 5.8 AI score
Exploits 0 | References 6

OSV
added 2026/05/07 3:55 a.m. | 1 views

MAL-2026-3363 Malicious code in mrdaa-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 757aca74d8d75ecde7421f2c632969a5b34c11a279d9d28b75755c2ca0825ceb The package mrdaa-frontend was found to contain malicious code. Source: ghsa-malware 0b6c586cd7adad52516658de8bbb3eb18f166350414f223fd73fe34a240d6948...

5.8 AI score
Exploits 0 | References 1

Wolfi
added 2026/05/07 2:1 a.m. | 10 views

CVE-2026-42338 vulnerabilities

Vulnerabilities for packages: prism, langfuse, lerna, code-server, renovate, npm, saf, pulumi, kubeflow-pipelines, sqlpad, opensearch-dashboards, tileserver-gl...

6.1 CVSS | 5.4 AI score | 0.00012 EPSS
Exploits 1

Wolfi
added 2026/05/07 2:1 a.m. | 8 views

GHSA-V2V4-37R5-5V8G vulnerabilities

Vulnerabilities for packages: prism, langfuse, lerna, code-server, renovate, npm, saf, pulumi, kubeflow-pipelines, sqlpad, opensearch-dashboards, tileserver-gl...

5.4 AI score
Exploits 0

Chainguard
added 2026/05/07 1:17 a.m. | 6 views

GHSA-V2V4-37R5-5V8G vulnerabilities

Vulnerabilities for packages: opensearch-dashboards-fips, lerna, librechat, wazuh-dashboard, langfuse, pulumi, npm, actions-runner, tileserver-gl-fips, saf, opensearch-dashboards, langfuse-fips, sqlpad, kibana, code-server, renovate, prism, wazuh-dashboard-fips, gemini-cli, tileserver-gl,...

5.4 AI score
Exploits 0

Chainguard
added 2026/05/07 1:17 a.m. | 11 views

CVE-2026-42338 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards-fips, lerna, librechat, wazuh-dashboard, langfuse, pulumi, npm, actions-runner, tileserver-gl-fips, saf, opensearch-dashboards, langfuse-fips, sqlpad, kibana, code-server, renovate, prism, wazuh-dashboard-fips, gemini-cli, tileserver-gl,...

6.1 CVSS | 5.4 AI score | 0.00012 EPSS
Exploits 1

Cvelist
added 2026/05/07 12:0 a.m. | 25 views

CVE-2025-63706

NPM package next-npm-version 1.0.1 is vulnerable to Command injection...

0.00103 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2026/05/07 12:0 a.m. | 4 views

CVE-2025-63704

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

5.8 AI score | 0.00022 EPSS
Exploits 0 | References 4

CNNVD
added 2026/05/07 12:0 a.m. | 3 views

next-npm-version 1.0.1 security vulnerability

next-npm-version is a tool developed by Aric, a personal developer, for retrieving npm package versions. The version 1.0.1 of next-npm-version contains a security vulnerability, which stems from command injection...

9.8 CVSS | 5.8 AI score | 0.00103 EPSS
Exploits 0 | References 2

Patchstack
added 2026/05/06 11:50 p.m. | 7 views

NPM: Hono: bodyLimit() can be bypassed for chunked / unknown-length requests

NPM: Hono: bodyLimit can be bypassed for chunked / unknown-length requests vulnerability discovered by ? in WordPress Npm hono versions 4.12.16...

6.5 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits 0 | References 3 | Affected Software 1

OSV
added 2026/05/06 10:30 p.m. | 3 views

MAL-2026-3361 Malicious code in 24712-pl5004 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d79bb37b62b8d47ca459db0858a93ffb3c35e3791423c11a0853fb4ab17388e The package 24712-pl5004 was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits 0

OSSF Malicious Packages
added 2026/05/06 10:0 p.m. | 7 views

Malicious code in @paysafe-tracking/error-monitoring (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2acf9c4e0793663b7ca39f1c5c5a4646e8cecb488863494d904cdce97e01df The package @paysafe-tracking/error-monitoring was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits 0

OSV
added 2026/05/06 10:0 p.m. | 0 views

MAL-2026-3360 Malicious code in @paysafe-tracking/error-monitoring (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2acf9c4e0793663b7ca39f1c5c5a4646e8cecb488863494d904cdce97e01df The package @paysafe-tracking/error-monitoring was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits 0

Patchstack
added 2026/05/06 5:5 p.m. | 5 views

NPM: Auth.js SDK has Improper Permission Checking

NPM: Auth.js SDK has Improper Permission Checking vulnerability discovered by ? in WordPress Npm auth0-js versions = 8.11.0, = 9.32.0...

5.8 AI score | 0.00043 EPSS
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2026/05/06 3:32 p.m. | 4 views

NPM: Flowise: Bcrypt Password Hash Exposure

NPM: Flowise: Bcrypt Password Hash Exposure vulnerability discovered by ? in WordPress Npm flowise versions = 3.0.12...

6.3 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits 1 | References 6 | Affected Software 1

OSV
added 2026/05/06 9:15 a.m. | 1 views

MAL-2026-3353 Malicious code in money-badger-open-rpc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a9d70a5231934ee14ab33334a3de0db40d5520fb4ef092a5a24cbdffff9751e The package money-badger-open-rpc was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits 0

OSV
added 2026/05/06 6:20 a.m. | 3 views

MAL-2026-3352 Malicious code in carbonite-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fec002c13bf1ef1b49658e5dc490ca30515cf414294154827adadab04cbc234 The package carbonite-internal was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits 0