Lucene search
+L

142253 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago7 views

Malicious code in backup2-asd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6fe96add7d70ce5933988f1c78b934187e279d88618bd3f211de3d719177168 The tarball published as [email protected] is a Vite-built browser application branded 'Lucide' rather than a Node library. package.json declares mai...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago7 views

Malicious code in backup4-gasp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e42991a6cdb40d2c1dec58317f280d0a6e38ad2dfa14b1a0dfe2ac40c5dc18a The package ships multiple heavily obfuscated JavaScript bundles under assets/ AccountPage, DarkVeil, GamesPage, PlusBlockedNote, SettingsPage that u...

6.1AI score
Exploits0References2
OSV
OSV
added 5 days ago3 views

MAL-2026-10332 Malicious code in lowkeybored (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44a98aa46273662e37d16a9ce5fd2e003ae747c89301cbd03b1ba52bdbe81fca The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago11 views

Malicious code in @jplopezy/connectivity-test-do-not-install (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94a8451d9e6d0f50b066cc79da664b4ec909dc1fb835c39f938b5a58dd9f8ad5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added last week3 views

MAL-2026-10190 Malicious code in tinyparrot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec7ebbcc82edaa241764193ea85c0492b99f9ed3be805c57ef0914518cd4b6f9 The postinstall script src/build.js reconstructs the strings 'https', 'POST', and the destination host 'rnjkerbf.org/P' from integer-encoded arrays v...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/07/11 10:5 a.m.2 views

RHSA-2026:38017 Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

Bulletin has no description...

7.5CVSS6.6AI score0.00805EPSS
Exploits2References26
RedHat Linux
RedHat Linux
added 2026/07/10 5:41 p.m.4 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs26: nodejs26-26.5.0-1.3.hum1 aarch64, x8664 nodejs26-bin-26.5.0-1.3.hum1 noarch nodejs26-devel-26.5.0-1.3.hum1 aarch64, x8664 nodejs26-docs-26.5.0-1.3.hum1 noarch...

7.5CVSS6.9AI score0.00789EPSS
Exploits0References5
OSV
OSV
added 2026/07/10 12:9 p.m.10 views

ROOT-APP-NPM-CVE-2022-0144 CVE-2022-0144 in @rootio/shelljs - Patched by Root

Root has patched CVE-2022-0144 in the @rootio/shelljs package for Root:npm. Multiple fixed versions available...

7.1CVSS7.1AI score0.00427EPSS
Exploits1
OSV
OSV
added 2026/07/10 9:17 a.m.7 views

ROOT-APP-NPM-CVE-2026-44979 CVE-2026-44979 in @rootio/hapi__wreck - Patched by Root

Root has patched CVE-2026-44979 in the @rootio/hapiwreck package for Root:npm. Multiple fixed versions available...

6.3CVSS5.8AI score0.00054EPSS
Exploits0
OSV
OSV
added 2026/07/09 10:41 a.m.10 views

ROOT-APP-NPM-CVE-2026-44575 CVE-2026-44575 in @rootio/next - Patched by Root

Root has patched CVE-2026-44575 in the @rootio/next package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.01558EPSS
Exploits0
OSV
OSV
added 2026/07/09 6:57 a.m.7 views

ROOT-APP-NPM-CVE-2026-5079 CVE-2026-5079 in @rootio/multer - Patched by Root

Root has patched CVE-2026-5079 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00278EPSS
Exploits0
OSV
OSV
added 2026/07/09 6:57 a.m.8 views

ROOT-APP-NPM-CVE-2025-48997 CVE-2025-48997 in @rootio/multer - Patched by Root

Root has patched CVE-2025-48997 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

8.7CVSS5.4AI score0.00368EPSS
Exploits0
OSV
OSV
added 2026/07/09 6:57 a.m.10 views

ROOT-APP-NPM-CVE-2024-8373 CVE-2024-8373 in @rootio/angular - Patched by Root

Root has patched CVE-2024-8373 in the @rootio/angular package for Root:npm. Multiple fixed versions available...

4.8CVSS7.1AI score0.00599EPSS
Exploits1
OSV
OSV
added 2026/07/09 6:57 a.m.12 views

ROOT-APP-NPM-CVE-2023-26117 CVE-2023-26117 in @rootio/angular - Patched by Root

Root has patched CVE-2023-26117 in the @rootio/angular package for Root:npm. Multiple fixed versions available...

5.3CVSS6.6AI score0.01695EPSS
Exploits1
OSV
OSV
added 2026/07/09 6:35 a.m.5 views

ROOT-APP-NPM-CVE-2021-44906 CVE-2021-44906 in @rootio/minimist - Patched by Root

Root has patched CVE-2021-44906 in the @rootio/minimist package for Root:npm. Multiple fixed versions available...

9.8CVSS8.2AI score0.04581EPSS
Exploits1
OSV
OSV
added 2026/07/08 9:10 p.m.2 views

CVE-2026-55849 @cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized `--workspace` Argument

@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npmexecpath is unset or empty, allowing arbitrary OS command execution with the privileg...

8.5CVSS6.3AI score0.0016EPSS
Exploits0References6
OSV
OSV
added 2026/07/08 9:21 a.m.9 views

MAL-2026-6973 Malicious code in gitlens (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c60743ac7b975c729e8ff8bd5310f71fce030efc3979f419f60e129921364ae7 package.json declares a preinstall lifecycle hook that runs curl https://bt8hbz0owdan31qvdap2u5b8izoqcg05.oastify.com on npm install. oastify.com is...

6.5AI score
Exploits0References3
OSV
OSV
added 2026/07/08 8:58 a.m.16 views

ROOT-APP-NPM-CVE-2026-42037 CVE-2026-42037 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42037 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.0024EPSS
Exploits1
OSV
OSV
added 2026/07/08 8:26 a.m.7 views

MAL-2026-6967 Malicious code in nam-os-a-man (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a483a2ae78f1f6f7d3d4da1ab74cc189f29564e002299f09c19e0d3eb41e40aa The package declares a postinstall hook that runs index.js on npm install. index.js collects the installer's OS username os.userInfo.username, hostna...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/08 8:21 a.m.8 views

MAL-2026-6969 Malicious code in vite-json-pwa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f9204782dfa050ba762ce8c8a35c01e9f7b1e8bf82e140854d182f9614080b6 [email protected] impersonates the legitimate vite-plugin-pwa package author metadata claims 'inna voik' while funding/homepage point at the real...

6.3AI score
Exploits0References3
Rows per page
Query Builder