Lucene search
K

122173 matches found

OSV
OSV
added yesterday3 views

ROOT-APP-NPM-CVE-2026-0000 CVE-2026-0000 in @rootio/react-leaflet-heatmap-layer - Patched by Root

Root has patched CVE-2026-0000 in the @rootio/react-leaflet-heatmap-layer package for Root:npm. Multiple fixed versions available...

5.8AI score
Exploits0
OSV
OSV
added yesterday5 views

ROOT-APP-NPM-GHSA-5C6J-R48X-RMVQ GHSA-5c6j-r48x-rmvq in @rootio/serialize-javascript - Patched by Root

Root has patched GHSA-5c6j-r48x-rmvq in the @rootio/serialize-javascript package for Root:npm. Multiple fixed versions available...

5.8AI score
Exploits0
OSV
OSV
added 2 days ago8 views

ROOT-APP-NPM-CVE-2026-44288 CVE-2026-44288 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44288 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

5.3CVSS5.4AI score0.00301EPSS
Exploits0
OSV
OSV
added 2 days ago6 views

ROOT-APP-NPM-CVE-2023-45857 CVE-2023-45857 in @rootio/axios - Patched by Root

Root has patched CVE-2023-45857 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

6.5CVSS5.4AI score0.00556EPSS
Exploits1
OSV
OSV
added 2 days ago5 views

MAL-2026-6572 Malicious code in rebrandly-domains-digger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d1744d2a299b9ef0526f49b4b2297fcd6c72581c51a3359801db56318d8cfda The package declares a preinstall hook that runs node callback.js. On npm install, callback.js collects installer-side identifiers — os.hostname,...

5.8AI score
Exploits0References2
OSV
OSV
added 2 days ago3 views

MAL-2026-6573 Malicious code in rebrandly-domains-search-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d4464320c8530d582d35f85ce95045182d82e1dd63a830644bcb68f05bdf10e Package [email protected] is an empty module index.js exports an empty object whose package.json preinstall hook runs node...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago8 views

Malicious code in polymarket-clob-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d67023e54ba355e9c82fd2a05d2d2448657a3ea9415ff18d3c4669a9fc0afb42 [email protected] ships a postinstall lifecycle script that performs an install-time remote-code-execution drop. On npm install, the script...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in ts-ankle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...

5.8AI score
Exploits0References2
OSV
OSV
added 4 days ago6 views

MAL-2026-6548 Malicious code in ts-ankle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago5 views

Malicious code in @epsteinlovekids483/crossmint-wallets-sdk-pentest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e43e5a418541bb3e485010eba536ecc9f1483dba866af53ff4a760684409213 Package's main entry dist/index.cjs unconditionally requires dist/shai-hulud.js at module load. On require, the code harvests installer secrets —...

5.9AI score
Exploits0References9
OSV
OSV
added 5 days ago4 views

ROOT-APP-NPM-CVE-2026-2739 CVE-2026-2739 in @rootio/bn.js - Patched by Root

Root has patched CVE-2026-2739 in the @rootio/bn.js package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.00467EPSS
Exploits0
OSV
OSV
added 5 days ago5 views

MAL-2026-6513 Malicious code in dtxto1ols (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 926fc822a2a507fafa6d2e1bb02a9b2bada7d89d3042bd3f0cac0ba2fd7c1991 package.json declares a postinstall script that runs automatically on npm install. The script performs filesystem reconnaissance find / -type f...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in dtxtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de085e4b6d38025a5a0b959b19b1022deaa7525b427e66679b58b6892328297a package.json declares a postinstall lifecycle script that auto-executes on npm install. The hook performs a recursive filesystem search for database...

5.9AI score
Exploits0References2
OSV
OSV
added 5 days ago5 views

MAL-2026-6498 Malicious code in dttfdsdee (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae565bed85ec0db27f1ff658c7e9491591ce40edc56f423cd8b1122bc209c69c package.json declares a postinstall script that runs automatically on npm install. The script walks the entire filesystem with find to locate databas...

5.8AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago7 views

Malicious code in unsafe-malicious-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3579cb796e48f446b07e2dbbce2e301d1a3e87d8a9a35ed1dbe825fc53f29da9 On npm install, the package's postinstall lifecycle script scripts/postinstall.js reads the installer's AWS credentials file at /.aws/credentials and...

5.8AI score
Exploits0References9
OSV
OSV
added 6 days ago5 views

MAL-2026-6486 Malicious code in unsafe-malicious-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3579cb796e48f446b07e2dbbce2e301d1a3e87d8a9a35ed1dbe825fc53f29da9 On npm install, the package's postinstall lifecycle script scripts/postinstall.js reads the installer's AWS credentials file at /.aws/credentials and...

5.8AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in ref-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e1ef3e785cf6cb007c0b33be2ed43ebe49d64f476bb4fb3a66b914b06def5e1 On npm install, the package's postinstall hook runs node test.js which invokes index.js to perform multi-stage installer compromise. 1 Credential...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago7 views

Malicious code in @vpms/design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ce5813fba2660b094a3e8a5c5a0bf2f1972530c294830c0a2e3d15dcd1b096 package.json declares preinstall="node index.js". On every npm install, index.js iterates process.env and harvests any variable whose name contains...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago5 views

Malicious code in easy-string-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cb77d96cfd133340395df1765df2426f8414d80158e62ee5832ab6d4a18e803 package.json declares a postinstall lifecycle script that automatically runs on npm install and executes roughly 25 curl POST requests harvesting...

6AI score
Exploits0References8
OSV
OSV
added 6 days ago5 views

ROOT-APP-NPM-CVE-2025-13033 CVE-2025-13033 in @rootio/nodemailer - Patched by Root

Root has patched CVE-2025-13033 in the @rootio/nodemailer package for Root:npm. Multiple fixed versions available...

7.5CVSS5.4AI score0.00498EPSS
Exploits0
Rows per page
Query Builder