Malicious code in base58-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3507af35455908a5b982b470adae215c0ee155a68cbe2a6a59a1f3b6bd98f342 The package base58-engine was found to contain malicious code. Source: ghsa-malware 9f811caacac31851267205cb855bc06a1a39a198f98d9510f12e27dfba097f83...
Malicious code in @logcore/pino-pretty-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a729cc1811bd1bc1fa94404ad4bcd8376c1a29b90311fd2a89efecff51fe592 The package @logcore/pino-pretty-logger was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2321 Malicious code in base58-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3507af35455908a5b982b470adae215c0ee155a68cbe2a6a59a1f3b6bd98f342 The package base58-engine was found to contain malicious code. Source: ghsa-malware 9f811caacac31851267205cb855bc06a1a39a198f98d9510f12e27dfba097f83...
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error. "No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson said in a statement...
MAL-2026-2314 Malicious code in @c8o/nimbus-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8225c79aa127203c225df747705db370e11cfae184af100a063b2dfa4eb20eb8 The package @c8o/nimbus-core was found to contain malicious code. Source: ghsa-malware 23fd3197db4264e7b8ef6d65380e017c5b205b46a8e732df586feffcf3c7c7...
Axios NPM Distribution Compromised in Supply Chain Attack
A compromised axios maintainer account led to malicious npm releases that propagated across environments. Learn how to assess impact, detect compromise, and secure your development workflows...
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency that delivers a trojan capable of targeting Windows, macOS, and Linux systems. Versions 1.14.1 and 0.30.4 of Axios have been found to...
Malicious code in plain-crypto-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f18d90df82216aedaaeca02607816457cfe0df4bc89bf292a4d7f3549e912d8c The package plain-crypto-js was found to contain malicious code. Source: ghsa-malware 4dfdc3dd18fb6fe824f34c663d26a2f7225e65a4b858a6f3ed6620a7a725c86...
PT-2026-31957
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.24
Description: OpenClaw versions before 2026.3.24 contain an arbitrary code execution vulnerability during local plugin and hook installation. Attackers can exploit this by crafting a malicious .npmrc file wit...
MAL-2026-2296 Malicious code in bos-decoration-elements (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cb5985779c5099333bec5b084b209c36dea0dd9fa47ef2c2d7c3630c33daaa5 The package bos-decoration-elements was found to contain malicious code. Source: ossf-package-analysis...
@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +11 more potentially affected by CVE-2026-35629 via openclaw (>=0.0.1 <=2026.3.24)
openclaw NPM version =0.0.1, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =3.3.2, =3.3.7 Source cves: CVE-2026-35629 Source advisory: OSV:GHSA-RHFG-J8JQ-7V2H...
Malicious code in f0-state-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 989b5f62777b6b7fbd236eb28a54b0e42ba48548dc0a49919c5f311c1f1c7072 The package f0-state-manager was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2287 Malicious code in f0-state-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 989b5f62777b6b7fbd236eb28a54b0e42ba48548dc0a49919c5f311c1f1c7072 The package f0-state-manager was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2284 Malicious code in bizsignupnodeweb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceaf1cee13e367f987a97f8de4c8fb4985ab1eedd49be1912467793dce9f0ef9 The package bizsignupnodeweb was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2286 Malicious code in sn3akysnak3-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21fa246103030890351ed5948825f415a78600c6aacb5187dbd840518f744d92 The package sn3akysnak3-test was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @adac-fahrzeugplattform/ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 779ce69d66db89d0bc1c8b82a373e6fed7e1b6a84d2cdf56bcab4b3076226f5f The package @adac-fahrzeugplattform/ui was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2274 Malicious code in autoshipment-public-front (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e88d7d57a4db4ac2a1f359905f9bff3aba5176c373833890d1f58befc32b4d8 The package autoshipment-public-front was found to contain malicious code. Source: ghsa-malware...
Malicious code in npmamzs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25a8c88c6c60c588983806906169ffad0a2a863d45482ac8e2740f320f7cb2ea The package npmamzs was found to contain malicious code. Source: ossf-package-analysis d494475ee013b73bb0df9b1f0533b2f169fb6feff4b7c3c282c3629588be4e...
Malicious code in dgxeon-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d41bea5fa12db95f82f32ef9f61f3e7dc60e7ef381589dff3780e758c19441f5 The package dgxeon-baileys was found to contain malicious code. Source: ghsa-malware 6c59d91ff6ae7727c79a7dfac9d7a7251193e519cf4f1f846a7368c1db065340...
Malicious code in dgxeon-soket-buttonx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a92a6c68bc523541697f8bb80096a0b9425efac6c8413c08e4dea82afad4e4a The package dgxeon-soket-buttonx was found to contain malicious code. Source: ghsa-malware...