CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

33 matches found

OSSF Malicious Packages•added 2026/04/29 2:0 p.m.•5 views

Malicious code in internal-auth-provider (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score

Exploits0References1

OSSF Malicious Packages•added 2026/04/29 2:0 p.m.•4 views

Malicious code in @corp-infra/sso-gateway-core (npm)

5.9AI score

Exploits0References1

OSSF Malicious Packages•added 2026/04/29 2:0 p.m.•5 views

Malicious code in @omni-corp-infra/sso-bridge-core (npm)

5.9AI score

Exploits0References1

OSSF Malicious Packages•added 2026/04/29 2:0 p.m.•5 views

Malicious code in @enterprise-core/auth-gateway-bridge (npm)

5.9AI score

Exploits0References1

OSSF Malicious Packages•added 2026/04/29 2:0 p.m.•4 views

Malicious code in @internal-infra/core-sso-bridge (npm)

5.9AI score

Exploits0References1

OSSF Malicious Packages•added 2026/04/29 2:0 p.m.•5 views

Malicious code in google-storage-cloud (npm)

5.9AI score

Exploits0References1

OSV•added 2026/04/29 2:0 p.m.•4 views

MAL-2026-3257 Malicious code in @omni-corp-infra/sso-bridge-core (npm)

5.9AI score

Exploits0References1

OSV•added 2026/04/29 2:0 p.m.•4 views

MAL-2026-3260 Malicious code in google-storage-cloud (npm)

5.9AI score

Exploits0References1

OSSF Malicious Packages•added 2026/04/29 2:0 p.m.•6 views

Malicious code in enterprise-auth-gateway-core (npm)

5.9AI score

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-29229

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00378EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-29227

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00378EPSS

Exploits0References5

OSV•added 2025/09/15 11:58 p.m.•3 views

GHSA-FRH7-2F84-V9MW [email protected] contains malware after npm account takeover

Impact On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's ow...

8.8CVSS6.7AI score0.00378EPSS

Exploits0References7

OSV•added 2025/09/15 11:58 p.m.•2 views

GHSA-6JP5-HH4C-8C5H [email protected] contains malware after npm account takeover

Impact On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...

8.8CVSS6.7AI score0.00378EPSS

Exploits0References7

Github Security Blog•added 2025/09/15 11:32 p.m.•9 views

[email protected] contains malware after npm account takeover

Impact On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's...

8.8CVSS6.6AI score0.00378EPSS

Exploits0References7Affected Software1

OSV•added 2025/09/15 9:23 p.m.•2 views

GHSA-286P-VC9P-P5QV [email protected] contains malware after npm account takeover

Impact On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's...

8.8CVSS6.7AI score0.00378EPSS

Exploits0References7

Vulnrichment•added 2025/09/15 8:32 p.m.•1 views

CVE-2025-59145 [email protected] contains malware after npm account takeover

color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrenc...

8.8CVSS6.3AI score0.00433EPSS

Exploits0References5

NVD•added 2025/09/15 8:15 p.m.•5 views

CVE-2025-59162

color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added...

8.8CVSS0.00378EPSS

Exploits0References5

CVE•added 2025/09/15 7:19 p.m.•18 views

CVE-2025-59330

The CVE-2025-59330 entry concerns the npm package error-ex . A phishing-driven takeover of its publishing account led to version 1.3.3 containing a malware payload that attempts to redirect cryptocurrency transactions from browser environments (e.g., MetaMask) to attacker addresses. Local/server/...

8.8CVSS6.5AI score0.00378EPSS

Exploits0References5

Vulnrichment•added 2025/09/15 7:16 p.m.•1 views

CVE-2025-59162 [email protected] contains malware after npm account takeover

8.8CVSS6.5AI score0.00378EPSS

Exploits0References5

Vulnrichment•added 2025/09/15 7:10 p.m.•1 views

CVE-2025-59143 [email protected] contains malware after npm account takeover

color is a Javascript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...

8.8CVSS6.5AI score0.00378EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by