Lucene search
K

142110 matches found

OSV
OSV
added 2026/07/02 7:59 a.m.8 views

ROOT-APP-NPM-CVE-2026-39365 CVE-2026-39365 in @rootio/vite - Patched by Root

Root has patched CVE-2026-39365 in the @rootio/vite package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.00914EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 12:0 a.m.6 views

Malicious code in @marketfront/designsystemdevtool (npm)

The @marketfront/designsystemdevtool package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/07/02 12:0 a.m.3 views

MAL-2026-6777 Malicious code in @marketfront/errorcounter (npm)

The @marketfront/errorcounter package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/01 7:15 p.m.8 views

Malicious code in vitest-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e0165cbb3d6ed37a96889c4b016463706346e1c09413635c31ea1ceedde8774 The package's postinstall script node lib/utils/index.js spawns a detached, stdio-suppressed Node child process that runs...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/30 12:56 p.m.5 views

ROOT-APP-NPM-CVE-2026-44979 CVE-2026-44979 in @rootio/hapi__wreck - Patched by Root

Root has patched CVE-2026-44979 in the @rootio/hapiwreck package for Root:npm. Multiple fixed versions available...

5.8AI score0.00054EPSS
Exploits0
OSV
OSV
added 2026/06/30 11:26 a.m.12 views

ROOT-APP-NPM-CVE-2026-1526 CVE-2026-1526 in @rootio/undici - Patched by Root

Root has patched CVE-2026-1526 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.0115EPSS
Exploits0
OSV
OSV
added 2026/06/30 10:46 a.m.3 views

RHSA-2026:26573 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

6.8CVSS5.7AI score0.00112EPSS
Exploits0References9
OSV
OSV
added 2026/06/30 7:45 a.m.7 views

ROOT-APP-NPM-CVE-2025-12816 CVE-2025-12816 in @rootio/node-forge - Patched by Root

Root has patched CVE-2025-12816 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

8.6CVSS5.4AI score0.00689EPSS
Exploits1
OSV
OSV
added 2026/06/30 7:45 a.m.12 views

ROOT-APP-NPM-CVE-2022-24772 CVE-2022-24772 in @rootio/node-forge - Patched by Root

Root has patched CVE-2022-24772 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

7.5CVSS6.8AI score0.01015EPSS
Exploits0
OSV
OSV
added 2026/06/30 7:39 a.m.9 views

ROOT-APP-NPM-CVE-2026-25896 CVE-2026-25896 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-25896 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

9.3CVSS5.3AI score0.00445EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.8 views

Malicious code in log-taker1 (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. log-taker1 embeds a full infostealer 2800 lines directly in index.js, executed at install time via postinstall: node test.js. The payload harvests cryptocurrency wallet vaults MetaMask, Phantom, Solflare,...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.9 views

Malicious code in @digitalpharmacist/http-error-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd3874246d23d6027bd09962515c8e79a0246740ff5fc6f853270c0a40271d18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.7 views

Malicious code in cmp-api-stub (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64a5a4ba35daee6a6a7e344f853e6ab0fc54d4d39f3434bdd3cbc7e7f56aa766 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 2:0 p.m.7 views

Malicious code in authsessionbridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c7726c32d14f31a311ae45a86c88fb5c478b8e89d9c71981b7c8ad1da946739 On require, lib/constants.js reached transitively from the package main issues an axios GET to a base64-obfuscated URL at jsonkeeper.com...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 2:0 p.m.7 views

Malicious code in auth-state-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fc857733e3c372868625f57425574859c653eb8ac16c97171aa9e929de13ca6 On require'auth-state-service', the package loads lib/writer.js, which at top level attempts require'ssr-auth-sync' and on failure shells out via...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 1:5 p.m.6 views

Malicious code in lc-chatbot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81ca324fdc9c4ba5536abcd43972f1a506f4af99ace29447b66a17947b1b8606 package.json declares both preinstall and postinstall scripts that run node callback.js, so the callback fires automatically on npm install with no...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/28 1:5 p.m.6 views

MAL-2026-6559 Malicious code in lc-chatbot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81ca324fdc9c4ba5536abcd43972f1a506f4af99ace29447b66a17947b1b8606 package.json declares both preinstall and postinstall scripts that run node callback.js, so the callback fires automatically on npm install with no...

5.8AI score
Exploits0References1
EUVD
EUVD
added 2026/06/26 11:54 p.m.10 views

EUVD-2026-39487

pnpm: stage download writes outside its destination directory via manifest name/version traversal...

7.1CVSS5.8AI score0.00267EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/26 11:34 p.m.9 views

EUVD-2026-39484

pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes...

8.8CVSS5.8AI score0.00193EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/26 11:20 p.m.7 views

EUVD-2026-39483

pnpm: Repository-controlled configDependencies can select a pacquet native install engine...

7.5CVSS5.8AI score0.00127EPSS
Exploits1References2
Rows per page
Query Builder