252619 matches found
GHSA-533Q-W4G6-5586 PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart
Summary The upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In deployments that use a supported custom PSITRANSFERUPLOADDIR whose basename prefixes a...
@appwise/oauth2-server (>=0.0.19 <=0.2.2), @dyne/slangroom-chain (>=1.4.0 <=1.16.10) +8 more potentially affected by CVE-2026-41213 via @node-oauth/oauth2-server (>=5.0.0-rc.3 <=5.2.1)
@node-oauth/oauth2-server NPM version =5.0.0-rc.3, =0.0.19, =1.4.0, =1.3.0, =4.0.0, =1.16.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 Source cves: CVE-2026-41213 Source advisory: SNYK:JS-NODEOAUTHOAUTH2SERVER-16420261...
Malicious code in chai-as-init (npm)
chai-as-init is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/c2e881b8bc0fe2121454 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
MAL-2026-2895 Malicious code in chai-as-optimized (npm)
chai-as-optimized is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/0ac7efbc0b6b1a53b305 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
MAL-2026-2891 Malicious code in chai-as-init (npm)
chai-as-init is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/c2e881b8bc0fe2121454 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Malicious code in lightweight-charts-4.1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f7a7bcf5678b42c2da20ad8e444066092ac3a9c17a6c8867a034717d1d8c344 The package lightweight-charts-4.1 was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2817 Malicious code in lightweight-charts-4.1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f7a7bcf5678b42c2da20ad8e444066092ac3a9c17a6c8867a034717d1d8c344 The package lightweight-charts-4.1 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in modern-events (npm)
modern-events is a malicious npm package that when imported and using the function EventEmitter.emit... in file events.js exfiltrates local system information via telegram and slack and downloads a backdoor Win64/FaxedCook to C:/ProgramData/Policy/PublisherPolicy.tms. --- -= Per source details. D...
Malicious code in sanitize-url (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36f98260cc1b910a8921671795398ad7f986f02b0b7bc8efef18a4df09b87d51 The package sanitize-url was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in youpin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d2434bf56ac3bd217b20d87570b4be5eb5c96c17669d38ae4bf7c959dd21b29 The package youpin was found to contain malicious code...
MAL-2026-2806 Malicious code in youpin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d2434bf56ac3bd217b20d87570b4be5eb5c96c17669d38ae4bf7c959dd21b29 The package youpin was found to contain malicious code...
MAL-2026-2805 Malicious code in winston-prisma (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bc2a581514f0a9f03ad807946bb8aa90ed013936e91ed2a413ced0966986921 The package winston-prisma was found to contain malicious code...
Malicious code in transcript-viewer-ui-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d52899913925c544bb906fcc1d752431c86c54c3465310a8eee4318ba29164e0 The package transcript-viewer-ui-demo was found to contain malicious code...
MAL-2026-2804 Malicious code in transcript-viewer-ui-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d52899913925c544bb906fcc1d752431c86c54c3465310a8eee4318ba29164e0 The package transcript-viewer-ui-demo was found to contain malicious code...
Malicious code in tailwind-configuration (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60061f038f742f65f6876c278646b1b91d880677e6ba9dff2c87ea021f5b6aa9 The package tailwind-configuration was found to contain malicious code...
MAL-2026-2803 Malicious code in tailwind-configuration (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60061f038f742f65f6876c278646b1b91d880677e6ba9dff2c87ea021f5b6aa9 The package tailwind-configuration was found to contain malicious code...
Malicious code in synthetics-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f901ab2d37659ee8585c20804e368b185c14c0e5fc49e51a3148fb439b728bad The package synthetics-sdk-node was found to contain malicious code...
MAL-2026-2802 Malicious code in synthetics-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f901ab2d37659ee8585c20804e368b185c14c0e5fc49e51a3148fb439b728bad The package synthetics-sdk-node was found to contain malicious code...
MAL-2026-2801 Malicious code in sfx-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3fe291f014f24a669e43d0092e768f822241c223899812aeeb652ade2dcc63f The package sfx-data was found to contain malicious code...
Malicious code in sfx-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3fe291f014f24a669e43d0092e768f822241c223899812aeeb652ade2dcc63f The package sfx-data was found to contain malicious code...