Lucene search
K

142115 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago5 views

Malicious code in fastnodemailer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 767201ea4bfd4f0c6950f9d6fadf4f9e38c9e72e56abd975ac1b49864ffc04a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in cookie-ease (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e657448e95c84051d3c103da0e4bd744f5bc6cbbeedad66099d1ecf4681a65d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in chalk-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a36409ecc80ae4c159621da4530caf78fa06d5003dd2a55e18da3ae92b434cfa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-59196 pnpm: hoisted install imports lockfile alias outside node_modules

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fix...

7.1CVSS0.00262EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-55697

A flaw was found in pnpm, a package manager. A remote attacker could exploit this vulnerability by crafting a malicious repository that declares a configDependency in its pnpm-workspace.yaml file. When a user installs packages from this repository, pnpm improperly treats the declared dependency a...

8.8CVSS6.6AI score0.00127EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-55487

A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to bypass security checks by manipulating how package source strings are processed. By crafting a specially designed source string, an attacker could trick the system into approving and using a malicious...

8.8CVSS6.2AI score0.00118EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-55698

A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to achieve arbitrary code execution by committing a specially crafted package-manager lockfile pnpm-lock.yaml to a repository. When pnpm is executed, it trusts an already resolved packageManagerDependencies...

8.8CVSS6.6AI score0.00193EPSS
Exploits1References4
OSV
OSV
added 6 days ago12 views

ROOT-APP-NPM-CVE-2026-42043 CVE-2026-42043 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42043 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.2CVSS5.8AI score0.00661EPSS
Exploits1
OSV
OSV
added 6 days ago7 views

ROOT-APP-NPM-CVE-2026-42035 CVE-2026-42035 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42035 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.4CVSS5.8AI score0.00394EPSS
Exploits1
OSV
OSV
added 6 days ago13 views

ROOT-APP-NPM-CVE-2026-44496 CVE-2026-44496 in @rootio/axios - Patched by Root

Root has patched CVE-2026-44496 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.5CVSS5.4AI score0.00622EPSS
Exploits1
OSV
OSV
added 6 days ago3 views

ROOT-APP-NPM-GHSA-VVJJ-XCJG-GR5G GHSA-vvjj-xcjg-gr5g in @rootio/nodemailer - Patched by Root

Root has patched GHSA-vvjj-xcjg-gr5g in the @rootio/nodemailer package for Root:npm. Multiple fixed versions available...

4.9CVSS5.8AI score
Exploits0
OSV
OSV
added 6 days ago8 views

ROOT-APP-NPM-CVE-2026-6734 CVE-2026-6734 in @rootio/undici - Patched by Root

Root has patched CVE-2026-6734 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

8.8CVSS6.4AI score0.00358EPSS
Exploits0
OSV
OSV
added 6 days ago15 views

ROOT-APP-NPM-CVE-2026-42039 CVE-2026-42039 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42039 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00744EPSS
Exploits1
OSV
OSV
added last week4 views

MAL-2026-6761 Malicious code in gen-ai-opt-in (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 371ed0f5f59f881d5fa2a296e7e3d44833f1ae46129da09714cab2edadcf440a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added last week8 views

Malicious code in gen-ai-opt-in (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3653831a01d3068b12688a9f6ae11926a1b1edde27f8f37a6c48f3f0dba99231 On npm install, postinstall.js executes automatically and collects installer host identifiers os.hostname, os.userInfo.username plus public IP/geo da...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/07/05 3:29 p.m.4 views

MAL-2026-6792 Malicious code in wsh4-nmp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae8d49fb38a00054e408984deccb85f6486ffa7aa61c31ad01402413143168d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/03 8:5 p.m.4 views

MAL-2026-6790 Malicious code in debugcli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b27bc49b2d8ef30848d427f7d6ec702eaed3b5bcc49f5fd4384183f228e2c50a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/03 8:5 p.m.6 views

Malicious code in debugcli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff9ad8188112d91f0ea673971f4421ca96dc7943ba12d65c7339c1aa75c2226e The package name debugcli shadows the popular debug package, and index.js is a thin re-export module.exports = require'debug' so callers observe...

6.1AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/03 3:37 p.m.8 views

Malicious code in decode-sdks (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 645d703f4bbd5a7aedaa60a60b7d20af253d4da8efaf82cbac3520a8f21d67b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/03 11:17 a.m.18 views

ROOT-APP-NPM-CVE-2026-45740 CVE-2026-45740 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-45740 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.00263EPSS
Exploits0
Rows per page
Query Builder