CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

GitLab Advisory Database•added 2025/11/25 12:0 a.m.•2 views

@actbase/react-native-devtools contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score

GitLab Advisory Database•added 2025/11/25 12:0 a.m.•4 views

@actbase/react-native-less-transformer contains malware after npm account takeover

7.1AI score

GitLab Advisory Database•added 2025/11/25 12:0 a.m.•6 views

@actbase/react-absolute contains malware after npm account takeover

7.1AI score

Github Security Blog•added 2020/09/01 6:58 p.m.•27 views

mysqljs is malware

The mysqljs package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern...

7.5CVSS7.3AI score0.00322EPSS

OSV•added 2020/09/01 6:58 p.m.•16 views

GHSA-8GV6-G7VP-HR34 mysqljs is malware

7.5CVSS7.6AI score0.00322EPSS

Exploits0References2

Github Security Blog•added 2018/11/09 5:49 p.m.•17 views

sqlserver is malware

The sqlserver package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security conce...

Github Security Blog•added 2018/11/09 5:43 p.m.•23 views

gruntcli is malware

The gruntcli package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concer...

Github Security Blog•added 2018/11/09 5:43 p.m.•16 views

mssql-node is malware

The mssql-node package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this module is malware, if you find it installed in your environment, the real security conce...

OSV•added 2018/11/09 5:43 p.m.•13 views

GHSA-3P8F-J2VW-7HW9 mssql-node is malware

OSV•added 2018/11/09 5:43 p.m.•16 views

GHSA-5MHV-9QW8-J63G mssql.js is malware

The mssql.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concer...

Github Security Blog•added 2018/11/09 5:43 p.m.•21 views

mssql.js is malware

OSV•added 2018/11/09 5:42 p.m.•16 views

GHSA-9XGH-XGW5-P5CW nodemssql is malware

The nodemssql package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security conce...

Github Security Blog•added 2018/11/09 5:42 p.m.•14 views

nodemssql is malware

Github Security Blog•added 2018/11/01 2:47 p.m.•18 views

node-tkinter is malware

The node-tkinter package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

Github Security Blog•added 2018/11/01 2:47 p.m.•27 views

tkinter is malware

The tkinter package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern...

7.5CVSS7.3AI score0.00262EPSS

OSV•added 2018/11/01 2:47 p.m.•13 views

GHSA-RWG6-3FMJ-W4WX tkinter is malware

7.5CVSS7.6AI score0.00262EPSS

Exploits0References2

OSV•added 2018/10/10 5:28 p.m.•10 views

GHSA-J68R-23HJ-XF9C node-openssl is malware

The node-openssl package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

Github Security Blog•added 2018/10/03 8:27 p.m.•20 views

node-opensl is malware

The node-opensl package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

OSV•added 2018/08/29 11:57 p.m.•14 views

GHSA-72HV-RP4Q-Q7F3 babelcli is malware

The babelcli package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concer...