Lucene search
K

1940 matches found

Chainguard
Chainguard
added yesterday7 views

CVE-2026-59871 vulnerabilities

Vulnerabilities for packages: npm...

7.5CVSS6.1AI score0.00358EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 12:0 a.m.9 views

Malicious code in @marketfront/bannerpopup (npm)

The @marketfront/bannerpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/26 11:5 a.m.6 views

Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem. "The latest activity includes malicious npm releas...

6.5AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.14 views

Malicious code in executable-stories-cypress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 838176fbbb9290f1ee55af50cd6e292d461f33565a675a6e965bbe50d3b6c3ec No concrete installer-harm evidence was identified in this version of executable-stories-cypress. No lifecycle hook payloads, hardcoded exfiltration...

6.1AI score
Exploits0References8
OSV
OSV
added 2026/06/05 12:53 a.m.20 views

MAL-2026-5230 Malicious code in autotel-subscribers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 374da77433b452664266e009188064316b6defdcb0ee4b7e391a158a0a5ca6bf No concrete installer-harm signals were identified in this version of autotel-subscribers. There is no observed lifecycle script fetching remote...

6.2AI score
Exploits0References31
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.13 views

Malicious code in eslint-plugin-executable-stories-playwright (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3b2b639cf616d5d975e12b917cfd679b4e247fce023e0b2bbf64b7a1482b596 No concrete installer-harm signals were identified in this package version. No lifecycle scripts, hardcoded network destinations, credential-path...

6AI score
Exploits0References4
OSV
OSV
added 2026/06/05 12:53 a.m.10 views

MAL-2026-5250 Malicious code in executable-stories-cypress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 838176fbbb9290f1ee55af50cd6e292d461f33565a675a6e965bbe50d3b6c3ec No concrete installer-harm evidence was identified in this version of executable-stories-cypress. No lifecycle hook payloads, hardcoded exfiltration...

6.2AI score
Exploits0References8
vulnersOsv
vulnersOsv
added 2026/06/03 9:38 p.m.7 views

browserstack-tape-runner (>=1.0.0 <=3.0.0), duplo (>=1.6.11 <=1.9.1) +4 more potentially affected by CVE-2026-49144 via browserstack-runner (>=0.2.1 <=0.9.4)

browserstack-runner NPM version =0.2.1, =1.0.0, =1.6.11, =0.1.4, =0.1.1, =2.0.2 - run-browserstack-tests =1.0.2 - yasmf-localization =0.0.2 Source cves: CVE-2026-49144 Source advisory: OSV:GHSA-8RPW-6CQH-2V9H...

7.1CVSS5.4AI score0.00208EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 8:0 a.m.17 views

Malicious code in @customer-threesixty/assets (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/01 12:0 a.m.13 views

MAL-2026-5136 Malicious code in @redhat-cloud-services/frontend-components-notifications (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/01 12:0 a.m.9 views

MAL-2026-5146 Malicious code in @redhat-cloud-services/remediations-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.15 views

Malicious code in @redhat-cloud-services/patch-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.12 views

Malicious code in @redhat-cloud-services/notifications-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.18 views

Malicious code in @redhat-cloud-services/frontend-components-utilities (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/01 12:0 a.m.17 views

MAL-2026-5145 Malicious code in @redhat-cloud-services/patch-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.13 views

Malicious code in @redhat-cloud-services/insights-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.15 views

Malicious code in @redhat-cloud-services/frontend-components-translations (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.14 views

Malicious code in @redhat-cloud-services/hcc-pf-mcp (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.15 views

Malicious code in @redhat-cloud-services/hcc-kessel-mcp (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.16 views

Malicious code in @redhat-cloud-services/frontend-components-advisor-components (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
Rows per page
Query Builder