142253 matches found
Malicious code in backup2-asd (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6fe96add7d70ce5933988f1c78b934187e279d88618bd3f211de3d719177168 The tarball published as [email protected] is a Vite-built browser application branded 'Lucide' rather than a Node library. package.json declares mai...
Malicious code in backup4-gasp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e42991a6cdb40d2c1dec58317f280d0a6e38ad2dfa14b1a0dfe2ac40c5dc18a The package ships multiple heavily obfuscated JavaScript bundles under assets/ AccountPage, DarkVeil, GamesPage, PlusBlockedNote, SettingsPage that u...
MAL-2026-10332 Malicious code in lowkeybored (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44a98aa46273662e37d16a9ce5fd2e003ae747c89301cbd03b1ba52bdbe81fca The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @jplopezy/connectivity-test-do-not-install (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94a8451d9e6d0f50b066cc79da664b4ec909dc1fb835c39f938b5a58dd9f8ad5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-10190 Malicious code in tinyparrot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec7ebbcc82edaa241764193ea85c0492b99f9ed3be805c57ef0914518cd4b6f9 The postinstall script src/build.js reconstructs the strings 'https', 'POST', and the destination host 'rnjkerbf.org/P' from integer-encoded arrays v...
RHSA-2026:38017 Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
Bulletin has no description...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs26: nodejs26-26.5.0-1.3.hum1 aarch64, x8664 nodejs26-bin-26.5.0-1.3.hum1 noarch nodejs26-devel-26.5.0-1.3.hum1 aarch64, x8664 nodejs26-docs-26.5.0-1.3.hum1 noarch...
ROOT-APP-NPM-CVE-2022-0144 CVE-2022-0144 in @rootio/shelljs - Patched by Root
Root has patched CVE-2022-0144 in the @rootio/shelljs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44979 CVE-2026-44979 in @rootio/hapi__wreck - Patched by Root
Root has patched CVE-2026-44979 in the @rootio/hapiwreck package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44575 CVE-2026-44575 in @rootio/next - Patched by Root
Root has patched CVE-2026-44575 in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-5079 CVE-2026-5079 in @rootio/multer - Patched by Root
Root has patched CVE-2026-5079 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-48997 CVE-2025-48997 in @rootio/multer - Patched by Root
Root has patched CVE-2025-48997 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2024-8373 CVE-2024-8373 in @rootio/angular - Patched by Root
Root has patched CVE-2024-8373 in the @rootio/angular package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2023-26117 CVE-2023-26117 in @rootio/angular - Patched by Root
Root has patched CVE-2023-26117 in the @rootio/angular package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2021-44906 CVE-2021-44906 in @rootio/minimist - Patched by Root
Root has patched CVE-2021-44906 in the @rootio/minimist package for Root:npm. Multiple fixed versions available...
CVE-2026-55849 @cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized `--workspace` Argument
@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npmexecpath is unset or empty, allowing arbitrary OS command execution with the privileg...
MAL-2026-6973 Malicious code in gitlens (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c60743ac7b975c729e8ff8bd5310f71fce030efc3979f419f60e129921364ae7 package.json declares a preinstall lifecycle hook that runs curl https://bt8hbz0owdan31qvdap2u5b8izoqcg05.oastify.com on npm install. oastify.com is...
ROOT-APP-NPM-CVE-2026-42037 CVE-2026-42037 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42037 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
MAL-2026-6967 Malicious code in nam-os-a-man (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a483a2ae78f1f6f7d3d4da1ab74cc189f29564e002299f09c19e0d3eb41e40aa The package declares a postinstall hook that runs index.js on npm install. index.js collects the installer's OS username os.userInfo.username, hostna...
MAL-2026-6969 Malicious code in vite-json-pwa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f9204782dfa050ba762ce8c8a35c01e9f7b1e8bf82e140854d182f9614080b6 [email protected] impersonates the legitimate vite-plugin-pwa package author metadata claims 'inna voik' while funding/homepage point at the real...