Malicious code in paysafe-venmo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fce8d34aa19e18a627c71bd9fd4d16246319ca05abafd983708a534663a573f The package paysafe-venmo was found to contain malicious code. Source: ghsa-malware 678a8d684fa9e6f72f98c45d404c3e749491bd582d4b78ddc4bc3d020ae3c172...

GHSA-XV6W-GXJ8-V943 vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: hubble-ui, sftpgo-plugin-eventstore, terraform-provider-pagerduty, step-kms-plugin, cis-operator, kaf, spiffe-helper, aws-efs-csi-driver, cue, docker-credential-gcr, external-dns, flannel, kube-fluentd-operator, kubernetes-csi-driver-hostpath,...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: terraform-provider-pagerduty, flannel, kube-fluentd-operator, litestream, slsa-verifier, kube-arangodb, docker-credential-acr-env, git-credential-oauth, trillian, consul-k8s, pvc-autoresizer, mattermost, docker-cli-buildx, kubernetes-csi-driver-nfs, eksctl,...

CLEANSTART-2026-JT73156 protojson

Multiple security vulnerabilities affect the prometheus-node-exporter package. The protojson. See references for individual vulnerability details...

EUVD-2026-21579

GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by providing a malicious URL via the docurl parameter during document upload...

CVE-2026-40190 LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK langsmith contains an incomplete prototype pollution fix in its internally vendored lodash set utility. The baseAssignValue function only guards against the...

CVE-2026-5483

A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the odh-dashboard component of Red Hat OpenShift AI RHOAI allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to...

CVE-2026-5483 Odh-dashboard: odh dashboard kubernetes service account exposure

A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the odh-dashboard component of Red Hat OpenShift AI RHOAI allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to...

CVE-2026-5483

CVE-2026-5483 – Odh-dashboard component in Red Hat OpenShift AI has a flaw that allows disclosure of Kubernetes Service Account tokens through a NodeJS endpoint, enabling potential unauthorized access to Kubernetes resources. Affected product: Red Hat OpenShift AI (odh-dashboard). Root cause: inf...

GHSA-2CRG-3P73-43XP @sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass

Under certain circumstances, requests could bypass the BODYSIZELIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected...

Allocation of Resources Without Limits or Throttling

Overview @sveltejs/kit is a SvelteKit framework and CLI Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the request processing. An attacker can send requests that exceed BODYSIZELIMIT restriction to applications running with adapter-node...

@sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass

Under certain circumstances, requests could bypass the BODYSIZELIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected...

CVE-2026-40073

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODYSIZELIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...

CVE-2026-35641

OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install execution in the staged package directory, attackers can...

MAL-2026-2537 Malicious code in @b2b-portal/form (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bfd3d2bf611173cd9899eb7ae28620ce52dd78812b47d5f9ca1fc68555c5b70 The package @b2b-portal/form was found to contain malicious code. Source: ghsa-malware 01b5517a25cba37fda750436dbbba1fe86b2c36fb7eafbbb0b49cf17d95e5a...

CVE-2026-40073

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODYSIZELIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...

CVE-2026-40073 SvelteKit has a BODY_SIZE_LIMIT bypass in @sveltejs/adapter-node

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODYSIZELIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...

CVE-2026-40073

SvelteKit (framework for building web apps with Svelte) contains a vulnerability in adapter-node prior to version 2.57.1 where, under certain conditions, requests could bypass the BODY_SIZE_LIMIT. The issue is scoped to SvelteKit applications using adapter-node and does not affect body size limit...

CVE-2026-40073 SvelteKit has a BODY_SIZE_LIMIT bypass in @sveltejs/adapter-node

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODYSIZELIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...