Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

OSV
OSVadded 2026/05/24 2:10 a.m.4 views

MAL-2026-4567 Malicious code in freertc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fb3d1337fc97d6eaccde325dc5f539a28af051f548c31f1b97a8752b8f51878 On install, scripts/postinstall-message.mjs reads the consumer project's package.json via process.env.INITCWD, and if freertc appears in...

5.8AI score
Exploits0References8
OSV
OSVadded 2026/05/20 10:51 a.m.4 views

MAL-2026-4447 Malicious code in @spcsn/taro-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10e2baba3a5166ecf1196146e1b2a8771836b25bd7f8d56979e3e277a3de9625 The package's postinstall script probes https://taro.jd.com/ and then invokes its own CLI to run npm install...

6.1AI score
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2023-47237

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00131EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletinsadded 2021/08/10 4:59 p.m.10 views

Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager DR

Summary There is vulnerability in npm which affects IBM VM Recovery Manager DR Vulnerability Details Third Party Entry: 184667 DESCRIPTION: Node.js npm-registry-fetch module could allow a remote attacker to obtain sensitive information, caused by the storing of user credentials in the log file. B...

1.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2020/09/28 6:58 p.m.30 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js (CVE-2020-15095)

Summary Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js CVE-2020-15095 Vulnerability Details Third Party Entry: 184667 DESCRIPTION: Node.js npm-registry-fetch module information disclosure CVSS Base score: 7.5 CVSS Temporal Score: See:...

4.4CVSS0.9AI score0.0013EPSS
Exploits0Affected Software1
Veracode
Veracodeadded 2020/07/08 2:12 a.m.8 views

Information Disclosure

npm-registry-fetch is vulnerable to information disclosure. The vulnerability exists as as it does not mask sensitive information that may be logged through the malicious URL such as ://:@::/...

1AI score
Exploits0
Node.js
Node.jsadded 2020/07/07 7:5 p.m.10 views

Sensitive Data Exposure

Overview Affected versions of npm-registry-fetch are vulnerable to an information exposure vulnerability through log files. The package supports URLs like ://:@::/. The password value is not redacted and is printed to stdout and also to any generated log files. Recommendation Upgrade to version...

6.8AI score
Exploits0Affected Software1
OSV
OSVadded 2020/07/07 6:59 p.m.1 views

GHSA-JMQM-F2GX-4FJV Sensitive information exposure through logs in npm-registry-fetch

Affected versions of npm-registry-fetch are vulnerable to an information exposure vulnerability through log files. The cli supports URLs like ://:@::/. The password value is not redacted and is printed to stdout and also to any generated log files...

5.3CVSS5.9AI score
Exploits0References5
Rows per page
Query Builder