Lucene search
K

10 matches found

Snyk
Snyk
added 2026/05/18 9:0 p.m.8 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/01 4:8 p.m.7 views

@01.software/cli (>=0.1.1 <=0.2.0-dev.260310.cf511cb), @01.software/sdk (>=0.0.1-251008.90016 <=0.3.0) +33 more potentially affected by CVE-2026-34751 via payload (>=3.0.0-alpha.46 <=3.79.0)

payload NPM version =3.0.0-alpha.46, =0.1.1, =0.0.1-251008.90016, =0.0.6, =0.0.3, =1.0.1-beta.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =3.64.0, =0.0.1-beta.0, =0.2.0, =0.2.14 and more Source cves: CVE-2026-34751 Source advisory: SNYK:JS-PAYLOAD-15871108...

9.1CVSS5.8AI score0.00306EPSS
Exploits0
Snyk
Snyk
added 2026/03/19 11:0 p.m.3 views

Embedded Malicious Code

Overview @teale.io/eslint-config is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM...

9.8CVSS5.8AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/06 4:43 p.m.7 views

@george.talusan/node-red-contrib-copilot (>=0.0.5 <=1.0.5), @github/copilot-sdk (>=0.1.9 <=0.1.31-unstable.0) +19 more potentially affected by CVE-2026-29783 via @github/copilot (>=0.0.375 <=0.0.421)

@github/copilot NPM version =0.0.375, =0.0.5, =0.1.9, =1.1.0, =0.0.0, =0.13.0, =0.0.1, =1.2.3, =0.6.0, =1.0.1, =0.1.0, =1.0.0, =1.0.0, =1.0.15 - devdoctor-js =0.1.0 and more Source cves: CVE-2026-29783 Source advisory: SNYK:JS-GITHUBCOPILOT-15468228...

7.8CVSS5.7AI score0.00363EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/01/14 9:34 p.m.8 views

02.aula (=1.0.0), 19json-validator (>=0.0.3 <=0.0.4) +3291 more potentially affected by CVE-2026-24001 via diff (>=5.0.0 <=5.2.0)

diff NPM version =5.0.0, =0.0.3, =0.0.1, =0.1.23, =0.1.4, =1.0.0, =1.0.7, =10.4.0, =9.0.0, =10.0.0, =10.0.0, =10.6.0 and more Source cves: CVE-2026-24001 Source advisory: OSV:GHSA-73RR-HH4G-FPGX...

7.5CVSS5.8AI score0.00562EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/13 8:29 p.m.7 views

@cenk1cenk2/renovate-config (>=2.0.0 <=2.3.148), @jamietanna/patch-testing (>=0.1.0 <=0.2.28) +9 more potentially affected by unknown CVE via renovate (>=31.97.3 <=40.21.2)

renovate NPM version =31.97.3, =2.0.0, =0.1.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =1.1.130, =0.0.1, =0.19.0 - @zotero-chinese/renovate-config =1.0.3 Source cves: unknown CVE Source advisory: SNYK:JS-RENOVATE-14927384...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/12/08 9:30 p.m.24 views

Directory Traversal in evershop

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint...

5.4CVSS6.3AI score0.00793EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2020/02/25 3:56 p.m.8 views

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1CVSS7.5AI score0.03342EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/12/11 12:0 a.m.3 views

PT-2019-1106 · Npm +6 · Npm +6

Name of the Vulnerable Software and Affected Versions: npm CLI versions prior to 6.13.3 Description: The issue is related to errors in link handling in the npm and Yarn package managers. Exploitation of this issue may allow a remote attacker to write arbitrary files by creating a symbolic link to...

9.8CVSS7.3AI score0.57132EPSS
Exploits2References111
vulnersOsv
vulnersOsv
added 2019/07/05 9:7 p.m.6 views

0.extends.wechat (>=1.0.51 <=1.0.65), 02vue_toast_demo (>=1.0.0 <=1.0.4) +17759 more potentially affected by unknown CVE via mem (>=0.1.1 <=3.0.1)

mem NPM version =0.1.1, =1.0.51, =1.0.0, =8.3.5, =0.0.1, =2.0.0, =0.0.1-alpha.1, =1.0.0, =1.0.4, =0.0.3, =1.0.0, =0.0.2, =0.3.0, =0.23.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-4XCV-9JJX-GFJ3...

5.7AI score
Exploits0
Rows per page
Query Builder