Malicious Package
Overview: @validate-ethereum-address/core is a malicious package. This package contains malicious code, and its content was not yet removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...
Malicious code in elf-stats-sleighing-hammer-902 (npm)
Source: amazon-inspector 9b59e6f3e736d07e9305a2c51519d0635a8c24eca451d83955f59221c5f5fb29 The package elf-stats-sleighing-hammer-902 was found to contain malicious code...
MAL-2025-1956 Malicious code in web-attendant (npm)
MAL-2025-1822 Malicious code in google-internal (npm)
MAL-2025-1801 Malicious code in epicagames-database (npm)
MAL-2025-1727 Malicious code in apple-admin (npm)
ROS-20230616-08
This npm package manager vulnerability arises because npm ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (e.g., --workspaces, --workspace=). Exploitation of the vulnerability could allow an...
ROS-20230616-01
This npm package manager vulnerability arises because npm ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (e.g., --workspaces, --workspace=). Exploitation of the vulnerability could allow an...
Vulnerability of the `exec` function in the gulp-scss-lint package from the NPM package manager, allowing attackers to execute arbitrary commands.
The vulnerability in the exec function in the src/command.js file of the gulp-scss-lint package exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2019-1104 · Npm +6 · Npm Cli +6
Name of the Vulnerable Software and Affected Versions: npm CLI versions prior to 6.13.4
Description: The issue allows for an Arbitrary File Overwrite due to the failure to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package...
[SECURITY] Fedora 19 Update: npm-1.3.3-1.fc19
npm is a package manager for node.js. You can use it to install and publish your node programs. It manages dependencies and does other cool stuff...