MAL-2026-5289 Malicious code in unifi-portal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8ff224f10cd94268bd5347ea6898f0cb1c54d23b19a6eb02d8efa268a16e15e8 The OpenSSF Package Analysis project identified 'unifi-portal' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2026-5286 Malicious code in encrypted-archive (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 13428a6cdcd4736d3f044dd6a580724699318155a1c1e283b586b9a4c3ab6295 The OpenSSF Package Analysis project identified 'encrypted-archive' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in uhd-setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 358eee34aaba61eaa93e977d35a18f35f59a56527d7c20b6e9a0bdf9c4a0a8da The OpenSSF Package Analysis project identified 'uhd-setup' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...

npm ansi_up v4 - Cross-Site Scripting

npm package ansiup v4 is vulnerable to cross-site scripting because ANSI escape codes can be used to create HTML hyperlinks. id: CVE-2021-3377 info: name: npm ansiup v4 - Cross-Site Scripting author: geeknik severity: medium description: npm package ansiup v4 is vulnerable to cross-site scripting...

Netmask NPM Package - Server-Side Request Forgery

Netmask NPM Package is susceptible to server-side request forgery because of improper input validation of octal strings in netmask npm package. This allows unauthenticated remote attackers to perform indeterminate SSRF, remote file inclusion, and local file inclusion attacks on many of the...

CVE-2025-65122

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

CVE-2026-42994

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...

Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account

32 Red Hat npm packages compromised by Miasma malware expose cloud tokens, CI/CD secrets and developer credentials in supply chain attack...

ROOT-APP-NPM-CVE-2021-3795 CVE-2021-3795 in @rootio/semver-regex - Patched by Root

Root has patched CVE-2021-3795 in the @rootio/semver-regex package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2021-43307 CVE-2021-43307 in @rootio/semver-regex - Patched by Root

Root has patched CVE-2021-43307 in the @rootio/semver-regex package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-33896 CVE-2026-33896 in @rootio/node-forge - Patched by Root

Root has patched CVE-2026-33896 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-33894 CVE-2026-33894 in @rootio/node-forge - Patched by Root

Root has patched CVE-2026-33894 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2025-66031 CVE-2025-66031 in @rootio/node-forge - Patched by Root

Root has patched CVE-2025-66031 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-33891 CVE-2026-33891 in @rootio/node-forge - Patched by Root

Root has patched CVE-2026-33891 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2021-23337 CVE-2021-23337 in @rootio/lodash.template - Patched by Root

Root has patched CVE-2021-23337 in the @rootio/lodash.template package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-44728 CVE-2026-44728 in @rootio/babel__plugin-transform-modules-systemjs - Patched by Root

Root has patched CVE-2026-44728 in the @rootio/babelplugin-transform-modules-systemjs package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-2739 CVE-2026-2739 in @rootio/bn.js - Patched by Root

Root has patched CVE-2026-2739 in the @rootio/bn.js package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2025-62718 CVE-2025-62718 in @rootio/axios - Patched by Root

Root has patched CVE-2025-62718 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-25639 CVE-2026-25639 in @rootio/axios - Patched by Root

Root has patched CVE-2026-25639 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-42044 CVE-2026-42044 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42044 in the @rootio/axios package for Root:npm. Multiple fixed versions available...