MAL-2026-2251 Malicious code in testtestsharp (npm)
Source: amazon-inspector d76d90d4c0413d045792eb3caf31ab7aa89d88854a891b2327107997b39eef91 The package testtestsharp was found to contain malicious code. Source: ghsa-malware a60a14bbd40854d1657cc0976cb3cd48a5cf74e75ed0be4db3d263ccbb782392...
Malicious code in @ev-tech/eva-container-api (npm)
Source: amazon-inspector 000e7dc4c22d822e052329e85f5a615743547eaafc111f35576b780059ca2afb The package @ev-tech/eva-container-api was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2247 Malicious code in cua-primitives-server (npm)
Source: amazon-inspector 8835d90bff1ed316ff7b7be2d8a1223402e539c4b10cfc2ba0de3164dc438570 The package cua-primitives-server was found to contain malicious code. Source: ghsa-malware...
PT-2026-28434
Name of the Vulnerable Software and Affected Versions: Flannel versions prior to 0.28.2. Description: Flannel, a network fabric for containers designed for Kubernetes, contains a command injection issue in its experimental Extension backend. An attacker who can set Kubernetes Node annotations can...
GHSA-CPJ3-3R2F-XJ59 OpenBao has Reflected XSS in its OIDC authentication error message
Impact: OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callback_mode=direct configured are vulnerable to XSS via the error_description parameter on the page for a failed authentication. This allows an attacker access to the token used in the Web UI by a...
Session Fixation
Overview: Affected versions of this package are vulnerable to Session Fixation in the authentication process when callback_mode is set to direct. An attacker can gain unauthorized access to a victim's session by initiating an authentication request and tricking the victim into visiting a crafted UR...
CVE-2026-4229
A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes SQL injection. The attack can be initiated remotely. The exploit has been published and may be used...
Malicious code in jsonify-builder (npm)
Source: amazon-inspector b16e04dbb8a655525d1dcc95902eacad5b738ac61852151526e1e0a95447a3f0 The package jsonify-builder was found to contain malicious code. Source: ghsa-malware 4f4842e5bf9d324a472ef06cb8dc42b177eee930c375c76176e9a67f032d05f...
MAL-2026-2237 Malicious code in jsonify-builder (npm)
Source: amazon-inspector b16e04dbb8a655525d1dcc95902eacad5b738ac61852151526e1e0a95447a3f0 The package jsonify-builder was found to contain malicious code. Source: ghsa-malware 4f4842e5bf9d324a472ef06cb8dc42b177eee930c375c76176e9a67f032d05f...
Improper Access Control
mautic/core is vulnerable to Improper Access Control. The vulnerability is due to missing enforcement of update settings restrictions, which allows a low-privileged user to install or remove arbitrary packages and execute malicious code for privilege escalation...
MAL-2026-2229 Malicious code in @zecho/libsignal (npm)
Source: amazon-inspector d8ee9faec3b25e7b043ecc51372ef854bf184e2ff001aab3599a53f7ea006e98 The package @zecho/libsignal was found to contain malicious code. Source: ghsa-malware 772f0780752f36a5549cdf7522ace0d3374d4bdbd45e94dfe1f0407b40a117...
MAL-2026-2221 Malicious code in @validator-lut-sdk/v3 (npm)
Source: amazon-inspector 1cb4c0ee3137b51767f901297bd8743d7f23109b2897aec6b659a433c5c29a86 The package @validator-lut-sdk/v3 was found to contain malicious code. Source: ghsa-malware...
Malicious code in validator-lut-sdk (npm)
Source: amazon-inspector 3c9f447a3c02a6c7ea716862009fcf6853c8d52e05144fa78746cbdbfe3ef000 The package validator-lut-sdk was found to contain malicious code. Source: ghsa-malware...
Malicious code in neanderthal-validator (npm)
Source: amazon-inspector 6c122a6fe5778bb430f198abe8838eb5d20ce083dca9ee1fdda16354222d1636 The package neanderthal-validator was found to contain malicious code. Source: ghsa-malware...
Malicious code in @pumpfun-ipfs/sdk (npm)
Source: amazon-inspector 21604418f7961773b23e7b3544ca95874cba1432a87ae6d4127531e651133f78 The package @pumpfun-ipfs/sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2216 Malicious code in @pumpfun-ipfs/sdk (npm)
Source: amazon-inspector 21604418f7961773b23e7b3544ca95874cba1432a87ae6d4127531e651133f78 The package @pumpfun-ipfs/sdk was found to contain malicious code. Source: ghsa-malware...
Malicious code in @solana-ipfs/sdk (npm)
Source: amazon-inspector 767b9130ad69548a70a52f86dfe12ae295731bb407cba85504eb9e02c56d64a3 The package @solana-ipfs/sdk was found to contain malicious code. Source: ghsa-malware 980d6b7d6391f5f58861078fac68f9222d3365190f1482debece7ae55b0170...
Malicious code in jito-validator-sdk (npm)
Source: amazon-inspector 5744d7d3aef03ec852963ebeca1a6357db3aa7bc925bae6e85f173692fc12eb0 The package jito-validator-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2227 Malicious code in validator-lut-sdk (npm)
Source: amazon-inspector 3c9f447a3c02a6c7ea716862009fcf6853c8d52e05144fa78746cbdbfe3ef000 The package validator-lut-sdk was found to contain malicious code. Source: ghsa-malware...
Malicious code in @rexorg/config (npm)
Source: amazon-inspector 4a10d1a86c535852318ad135eca1236f436ad942657df6107d1e1e8a117faf42 The package @rexorg/config was found to contain malicious code. Source: ghsa-malware d3c7f7c6129d24b5a4ee9f95be492524854c16742b8b538f33972fea399c64f5...