Lucene search
K

383 matches found

OSV
OSV
added 2026/05/21 6:9 p.m.11 views

MAL-2026-4513 Malicious code in chai-as-tuned (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7e00f81e117716cfd7fd3565cf8b04073cd494a6da2c23749669133806a7473 Package name chai-as-tuned impersonates chai-as-promised and ships a README copy-pasted from the unrelated pino project npm/CI badges point at...

6AI score
Exploits0References2
OSV
OSV
added 2026/05/21 1:49 p.m.19 views

MAL-2026-4405 Malicious code in @lokuma/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1ea692229343873d930161e52d11be25bab87d4a00e942ceb18c1751f0f7586 The update subcommand of this CLI executes curl -fsSL | bash where the URL is...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 10:18 p.m.12 views

Malicious code in @cometix/claude-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9c6fc5df21efcd2949e4c05b4a9a75dbe8142243a3967dc853be7069ecaca24 Package is published under the @cometix scope but its package.json sets author to 'Anthropic ' and ships a README copied verbatim from Anthropic's...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/20 10:18 p.m.8 views

MAL-2026-4376 Malicious code in @cometix/claude-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9c6fc5df21efcd2949e4c05b4a9a75dbe8142243a3967dc853be7069ecaca24 Package is published under the @cometix scope but its package.json sets author to 'Anthropic ' and ships a README copied verbatim from Anthropic's...

5.9AI score
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/20 1:31 p.m.141 views

poc-lab

VulnClaw-PoC PoC & reproduction scripts for recently disclo...

7.8CVSS7.2AI score0.96267EPSS
Exploits230
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Composer

Composer is a dependency manager for the PHP programming language. Integrators who use Composer code to call VcsDriver::getFileContent may encounter a code injection vulnerability if the user can control the $file or $identifier arguments. This vulnerability is documented on packagist.org, where...

8.8CVSS8.2AI score0.01857EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 12:24 a.m.6 views

MAL-2026-4450 Malicious code in @tailwind-core/postcss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1dab944715339b0fabcf954a92fd33faacbb4d878368c36ea5a7d26d72fe2e56 Package name @tailwind-core/postcss is a one-character-class edit of the official @tailwindcss/postcss Tailwind CSS v4 PostCSS plugin, published unde...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/19 2:1 p.m.6 views

OPENSUSE-SU-2026:20771-1 Security update for perl-YAML-Syck

This update for perl-YAML-Syck fixes the following issues: Changes in perl-YAML-Syck: - updated to 1.450.0 1.45 Bug Fixes - Fix: use syckbase64free to fix Windows "Free to wrong pool" crash in base64 encode/decode buffers; also plugs a memory leak PR 189 - Fix: clear type tag on blessed scalar...

9.1CVSS6AI score0.00429EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 6:45 p.m.11 views

Malicious code in tronpath (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d9ca86850c4078f14665d6f5bafabc8d794a480a5d990c8a697bc2019869005d Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/14 6:45 p.m.8 views

MAL-2026-3742 Malicious code in tronpath (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d9ca86850c4078f14665d6f5bafabc8d794a480a5d990c8a697bc2019869005d Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

5.8AI score
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/12 9:40 p.m.89 views

codepoc

Java Goof This is a collection of Java demo apps that are vu...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 6:30 p.m.6 views

b2aiprep (>=0.19.0 <=3.3.3), capstone-text-mining (>=0.0.6 <=0.1.2) +10 more potentially affected by CVE-2026-31224 via snorkel (>=0.10.0 <=0.9.9)

snorkel PYPI version =0.10.0, =0.19.0, =0.0.6, =1.0.2, =0.8.0, =0.1.1, =0.1.2, =0.1.0, =0.6.1, =0.0.0, =1.3.1a1 - t2r2 =0.0.1 - ws-benchmark =1.1.2rc0 Source cves: CVE-2026-31224 Source advisory: SNYK:PYTHON-SNORKEL-16758048...

8.8CVSS5.7AI score0.00392EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 6:30 p.m.7 views

b2aiprep (>=0.19.0 <=3.3.3), capstone-text-mining (>=0.0.6 <=0.1.2) +10 more potentially affected by CVE-2026-31222 via snorkel (>=0.10.0 <=0.9.9)

snorkel PYPI version =0.10.0, =0.19.0, =0.0.6, =1.0.2, =0.8.0, =0.1.1, =0.1.2, =0.1.0, =0.6.1, =0.0.0, =1.3.1a1 - t2r2 =0.0.1 - ws-benchmark =1.1.2rc0 Source cves: CVE-2026-31222 Source advisory: SNYK:PYTHON-SNORKEL-16758049...

8.8CVSS5.7AI score0.00392EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 6:30 p.m.7 views

b2aiprep (>=0.19.0 <=3.3.3), capstone-text-mining (>=0.0.6 <=0.1.2) +10 more potentially affected by CVE-2026-31223 via snorkel (>=0.10.0 <=0.9.9)

snorkel PYPI version =0.10.0, =0.19.0, =0.0.6, =1.0.2, =0.8.0, =0.1.1, =0.1.2, =0.1.0, =0.6.1, =0.0.0, =1.3.1a1 - t2r2 =0.0.1 - ws-benchmark =1.1.2rc0 Source cves: CVE-2026-31223 Source advisory: SNYK:PYTHON-SNORKEL-16758051...

8.8CVSS5.7AI score0.00392EPSS
Exploits0
Snyk
Snyk
added 2026/05/05 6:28 p.m.8 views

Cross-site Scripting (XSS)

Overview @tdurieux/anonymousgithub is an Anonymise Github repositories for double-anonymous reviews Affected versions of this package are vulnerable to Cross-site Scripting XSS via the renderMD function. An attacker can execute arbitrary JavaScript in the application origin by crafting a maliciou...

8.6CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/05 6:28 p.m.3 views

GHSA-G485-8J3V-P6X8 @tdurieux/anonymous_github Vulnerable to XSS via Unsanitized GitHub Repository Content Rendering in Anonymous GitHub Origin

Summary Anonymous GitHub fetches repository content e.g., markdown files from GitHub's API and renders it without sanitization. On the client side, markdown is parsed with marked with sanitize: false and injected into the DOM via $sce.trustAsHtml + ng-bind-html, bypassing AngularJS's built-in XSS...

8.1CVSS6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.7 views

CVE-2026-40922

SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering incomplete fix for CVE-2026-33066 enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not...

5.4CVSS6.8AI score0.00261EPSS
Exploits1References1
NVD
NVD
added 2026/04/17 1:17 a.m.7 views

CVE-2026-40922

SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering incomplete fix for CVE-2026-33066 enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not...

5.4CVSS0.00261EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/17 12:17 a.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through incomplete sanitization of the README rendering process in the marketplace UI. An attacker can execute arbitrary scripts in the Electron context with full application privileges by embedding an iframe ta...

6.4CVSS5.5AI score0.00261EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.13 views

SiYuan 安全漏洞

SiYuan is an open-source personal knowledge management system developed by SiYuan itself. Versions of SiYuan from 3.6.1 to 3.6.3 have security vulnerabilities. These vulnerabilities stem from the Lute HTML cleanup program not preventing the use of iframe tags, and the URL prefixing mechanism not...

5.4CVSS6AI score0.00261EPSS
Exploits1References2
Rows per page
Query Builder