Lucene search
K

605 matches found

Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.14 views

Malicious code in instructor-mcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6db8a103a73261cd6de8f763fa639d1bd148124ca661893e9d3ab73cd76ab50b instructor-mcp 1.15.2 is a typosquat of the legitimate instructor PyPI library it copies the same author names, README, and repository URL...

5.6AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.14 views

Malicious code in dreamgen (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 518c5b1627018ff52b8f3b8e83d862735009be6eaed3595922195bb3b45e6162 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.21 views

Malicious code in coolbox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c55bfdad112134e980af7568a9138be1e4b940f7bfbeebad2b0f85d9337a0f44 The wheel installs coolbox-setup.pth, a Python path-configuration file that Python auto-loads at every interpreter startup any python invocation...

5.6AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.16 views

Malicious code in orchestr8-platform (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d9526ae43236ac15964b307175384455975ace26d8157ef3c41ed8db8192562 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6AI score
Exploits0References5
Snyk
Snyk
added 2026/05/11 9:0 p.m.13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.21 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.29 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added 2026/03/13 4:7 p.m.16 views

EUVD-2026-12050

Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Publishing an oversized package can cause Hex.pm to run out of memory while extracting the uploaded package tarball. This can terminate the affected application instance and result in a denial of...

7.1CVSS5.8AI score0.0044EPSS
Exploits0References2
OSV
OSV
added 2026/03/13 4:7 p.m.5 views

EEF-CVE-2026-23940 Denial of Service via Oversized Package Upload

Summary Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Publishing an oversized package can cause Hex.pm to run out of memory while extracting the uploaded package tarball. This can terminate the affected application instance and result in a denia...

7.1CVSS6.1AI score0.0044EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.7 views

CVE-2026-21621

Incorrect Authorization vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.API.OAuthController' module allows Privilege Escalation. An API key created with read-only permissions domain: "api", resource: "read" can be escalated to full write access under specific conditions. When exchanging a...

7CVSS5.8AI score0.00323EPSS
Exploits0References1
NVD
NVD
added 2026/03/05 8:16 p.m.7 views

CVE-2026-21621

Incorrect Authorization vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.API.OAuthController' module allows Privilege Escalation. An API key created with read-only permissions domain: "api", resource: "read" can be escalated to full write access under specific conditions. When exchanging a...

7CVSS0.00323EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.10 views

PT-2026-23497

Incorrect Authorization vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.API.OAuthController' module allows Privilege Escalation. An API key created with read-only permissions domain: "api", resource: "read" can be escalated to full write access under specific conditions. When exchanging a...

7CVSS6AI score0.00323EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/30 9:57 a.m.5 views

EUVD-2026-5040

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

10CVSS6.2AI score0.00504EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in development-playwright-stratosphere-parcel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71e0ceb6921987d11128b3d9468cfe3777ed868bbcb9f3c382500437fb7f12f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.5 views

MAL-2025-187442 Malicious code in impulse-dependencies-spinner-figures (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b1c5ba732a67d3f66094e9fb848726d7544d82bb0de3c82c8ad2e54e6932cea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.3 views

MAL-2025-186105 Malicious code in chalk-stop-indus-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87bb8e1129a1d5a199fd42030542e91c8c409a534084d9519532cc4057e92cc4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.7 views

MAL-2025-186975 Malicious code in file-decompress-gamma-wind-object (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c18eb3d3f0daa811ce492b9531635f4cef64f89da0a246e6005ed0a1dca836ea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.2 views

MAL-2025-186489 Malicious code in darkmatter-pegasus-optimize-css-assets-webpack-plugin-andromeda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f5049359bccb7733c0fd183c777b326ee012861cd33a678a63ef401518ecc37 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-188327 Malicious code in nodejs-oberon-ignite-node-sass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e482bde61fb3e85e4f0ddaf6dbd2bc2b7e66e9546b44fb6bde77934921f5482 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Rows per page
Query Builder