Lucene search
K

142081 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in nonexistent-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9393b3fc67ac5c169de7089d2f5100b5cb49af4e2b747b46726660bebc2bf66a No a static rule matches and no traced behavioral findings were produced for this package version. Nothing in the analyzed artifacts indicates...

6.2AI score
Exploits0References2
OSV
OSV
added yesterday5 views

ROOT-APP-NPM-CVE-2026-5079 CVE-2026-5079 in @rootio/multer - Patched by Root

Root has patched CVE-2026-5079 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00278EPSS
Exploits0
OSV
OSV
added yesterday6 views

ROOT-APP-NPM-CVE-2025-48997 CVE-2025-48997 in @rootio/multer - Patched by Root

Root has patched CVE-2025-48997 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

8.7CVSS5.4AI score0.00368EPSS
Exploits0
OSV
OSV
added yesterday4 views

ROOT-APP-NPM-GHSA-QRV3-253H-G69C GHSA-qrv3-253h-g69c in @rootio/pnpm - Patched by Root

Root has patched GHSA-qrv3-253h-g69c in the @rootio/pnpm package for Root:npm. Multiple fixed versions available...

5.9AI score
Exploits0
OSV
OSV
added yesterday6 views

ROOT-APP-NPM-CVE-2021-23358 CVE-2021-23358 in @rootio/underscore - Patched by Root

Root has patched CVE-2021-23358 in the @rootio/underscore package for Root:npm. Multiple fixed versions available...

7.2CVSS7.5AI score0.04087EPSS
Exploits2
OSV
OSV
added yesterday4 views

ROOT-APP-NPM-CVE-2026-35213 CVE-2026-35213 in @rootio/hapi__content - Patched by Root

Root has patched CVE-2026-35213 in the @rootio/hapicontent package for Root:npm. Multiple fixed versions available...

7.5CVSS5.7AI score0.00413EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in chai-spycore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbb99516f251bbd13baae5273239a6a04acefea76ddf1a7b06f4b5a328339dae Package republishes the chai-spies Chai plugin source verbatim including original author header under the near-identical name chai-spycore...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago6 views

Malicious code in windrule-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12204dba8f73baf0bb7f6ce1ebd80bb2ce689752abaea290e1429aed4037bb9c No suspicious behaviors were observed in this package version. There are no lifecycle scripts fetching or executing remote code, no hardcoded...

6AI score
Exploits0References2
OSV
OSV
added 2 days ago4 views

MAL-2026-6850 Malicious code in logger-beauty (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29f894c613d7ea8f407e4515aca877e6f13b5bb8e72530ce8032a534336b5a25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-59196 pnpm: hoisted install imports lockfile alias outside node_modules

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fix...

7.1CVSS0.00254EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2 days ago5 views

CVE-2026-55697

A flaw was found in pnpm, a package manager. A remote attacker could exploit this vulnerability by crafting a malicious repository that declares a configDependency in its pnpm-workspace.yaml file. When a user installs packages from this repository, pnpm improperly treats the declared dependency a...

8.8CVSS6.6AI score0.00127EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-55487

A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to bypass security checks by manipulating how package source strings are processed. By crafting a specially designed source string, an attacker could trick the system into approving and using a malicious...

8.8CVSS6.2AI score0.00118EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-55698

A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to achieve arbitrary code execution by committing a specially crafted package-manager lockfile pnpm-lock.yaml to a repository. When pnpm is executed, it trusts an already resolved packageManagerDependencies...

8.8CVSS6.6AI score0.00193EPSS
Exploits1References4
OSV
OSV
added 2 days ago11 views

ROOT-APP-NPM-CVE-2026-42043 CVE-2026-42043 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42043 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.2CVSS5.8AI score0.00661EPSS
Exploits1
OSV
OSV
added 2 days ago5 views

ROOT-APP-NPM-CVE-2026-42035 CVE-2026-42035 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42035 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.4CVSS5.8AI score0.00394EPSS
Exploits1
OSV
OSV
added 2 days ago12 views

ROOT-APP-NPM-CVE-2026-44496 CVE-2026-44496 in @rootio/axios - Patched by Root

Root has patched CVE-2026-44496 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.5CVSS5.4AI score0.00645EPSS
Exploits1
OSV
OSV
added 2 days ago3 views

ROOT-APP-NPM-GHSA-VVJJ-XCJG-GR5G GHSA-vvjj-xcjg-gr5g in @rootio/nodemailer - Patched by Root

Root has patched GHSA-vvjj-xcjg-gr5g in the @rootio/nodemailer package for Root:npm. Multiple fixed versions available...

4.9CVSS5.8AI score
Exploits0
OSV
OSV
added 2 days ago7 views

ROOT-APP-NPM-CVE-2026-6734 CVE-2026-6734 in @rootio/undici - Patched by Root

Root has patched CVE-2026-6734 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

8.8CVSS6.4AI score0.00323EPSS
Exploits0
OSV
OSV
added 2 days ago14 views

ROOT-APP-NPM-CVE-2026-42039 CVE-2026-42039 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42039 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00744EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago7 views

Malicious code in gen-ai-opt-in (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3653831a01d3068b12688a9f6ae11926a1b1edde27f8f37a6c48f3f0dba99231 On npm install, postinstall.js executes automatically and collects installer host identifiers os.hostname, os.userInfo.username plus public IP/geo da...

5.9AI score
Exploits0References4
Rows per page
Query Builder