81910 matches found

OSSF Malicious Packages
added 2026/03/16 2:29 p.m., 3 views

Malicious code in supplychain-security-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2655712e00f8c5bf90b5a945bc60c2fd3c109d2719ec7b161114f86343741ee1 The package supplychain-security-demo was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits: 0, References: 1
Snyk
added 2026/03/16 10:48 a.m., 4 views

SQL Injection

Overview: vanna is a Generate SQL queries from natural language. Affected versions of this package are vulnerable to SQL Injection via the remove_training_data function in the file bigquery_vector.py. An attacker can execute arbitrary SQL commands by supplying crafted input to the ID argument...

7.5 CVSS, 7.5 AI score, 0.00042 EPSS
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/03/16 10:13 a.m., 5 views

Malicious code in pretty-changelog-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64b9f609acf299244364375bad1f58bc65eb5c8b17ca7e9bc92de94aff7e975c The package pretty-changelog-logger was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/03/16 10:13 a.m., 3 views

Malicious code in polymarket-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6c5cc93272b23bb8876a4c2f2ce61ec7887bdeb6b89846a0c385022a156c6ca The package polymarket-validator was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits: 0, References: 1
OSV
added 2026/03/16 10:13 a.m., 1 view

MAL-2026-1464 Malicious code in pretty-changelog-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64b9f609acf299244364375bad1f58bc65eb5c8b17ca7e9bc92de94aff7e975c The package pretty-changelog-logger was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits: 0, References: 1
Snyk
added 2026/03/16 10:13 a.m., 2 views

Malicious Package

Overview changelog-logger-utilities is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2
OSV
added 2026/03/16 10:13 a.m., 0 views

MAL-2026-1459 Malicious code in changelog-logger-utilities (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7df10f389f394a16d448bc3f80b0b77a100506b76590ef476e6b688e59d62d9f The package changelog-logger-utilities was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/03/16 10:13 a.m., 3 views

Malicious code in npm-demoo-1111 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c2199a37f518fbd8345def58b16a83c07aaf6aae9b837f6ec6d96a179f97849 The package npm-demoo-1111 was found to contain malicious code. Source: ghsa-malware 12073b21cd21241e9d8a004221c9e22d323091d95e7b5b9bdde2f1b20883aea4...

5.7 AI score
Exploits: 0, References: 1
OSV
added 2026/03/16 10:13 a.m., 1 view

MAL-2026-1461 Malicious code in npm-demo-1112 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 997173ec7aa479e3f57733838a8d8923cd42b2a9b272936ae7798a8f3c7f3699 The package npm-demo-1112 was found to contain malicious code. Source: ghsa-malware dd67ca28466b78c5da65f0a98c71b3e3243c90641b4de5d7ccc3215dbb1a33e4...

5.7 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/03/16 10:13 a.m., 4 views

Malicious code in npm-demo-1112 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 997173ec7aa479e3f57733838a8d8923cd42b2a9b272936ae7798a8f3c7f3699 The package npm-demo-1112 was found to contain malicious code. Source: ghsa-malware dd67ca28466b78c5da65f0a98c71b3e3243c90641b4de5d7ccc3215dbb1a33e4...

5.7 AI score
Exploits: 0, References: 1
OSV
added 2026/03/16 10:13 a.m., 4 views

MAL-2026-1462 Malicious code in npm-demoo-1111 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c2199a37f518fbd8345def58b16a83c07aaf6aae9b837f6ec6d96a179f97849 The package npm-demoo-1111 was found to contain malicious code. Source: ghsa-malware 12073b21cd21241e9d8a004221c9e22d323091d95e7b5b9bdde2f1b20883aea4...

5.7 AI score
Exploits: 0, References: 1
Snyk
added 2026/03/16 8:45 a.m., 1 view

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the PathUtils.RemoveParentPath function of the /api/admin/plugins/install/actions/download endpoint. An attacker can access unauthorized files or directories by manipulating the path argument. PoC POST...

5.1 CVSS, 6.3 AI score, 0.00121 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/03/16 8:32 a.m., 30 views

CVE-2026-4229 vanna-ai vanna bigquery_vector.py remove_training_data sql injection

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5 CVSS, 0.00042 EPSS
Exploits: 0, References: 4
CVE
added 2026/03/16 8:32 a.m., 15 views

CVE-2026-4229

CVE-2026-4229 affects vanna-ai vanna up to version 2.0.2, specifically the function remove_training_data in src/vanna/legacy/google/bigquery_vector.py. The underlying issue is a manipulation of the argument ID that enables SQL injection, permitting a remote attacker to exploit the vulnerability. ...

7.5 CVSS, 6.8 AI score, 0.00042 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2026/03/16 6:32 a.m., 0 views

CVE-2026-4222 SSCMS download PathUtils.RemoveParentPath path traversal

A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is possible. The exploit...

5.1 CVSS, 5.4 AI score, 0.00121 EPSS
Exploits: 0, References: 4
CVE
added 2026/03/16 6:32 a.m., 6 views

CVE-2026-4222

SCMS SSCMS: Affected software is SSCMS up to version 7.4.0. The vulnerability is in PathUtils.RemoveParentPath used by /api/admin/plugins/install/actions/download, enabling path traversal. It allows remote exploitation and the exploit has been publicly disclosed. Vendor did not respond to disclos...

5.1 CVSS, 5.4 AI score, 0.00121 EPSS
Exploits: 0, References: 4
OSV
added 2026/03/16 1:13 a.m., 0 views

MAL-2026-1450 Malicious code in @myisrfn/baileys-mod (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc229f53299b669d5c48d802a9d0a7766546ae0908e4b83ed04c51d34c97e482 The package @myisrfn/baileys-mod was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/03/16 1:12 a.m., 3 views

Malicious code in @sheniraid/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f232c1235fdee715d838e2f39abd6c3510308c313c075458df080ce28a4c26fa The package @sheniraid/libsignal-node was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/03/16 1:12 a.m., 2 views

Malicious code in @sheniraid/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec58e185ed8a16337c255a734dd403cfc5efd957a33d7a0f978e91721a69c8f5 The package @sheniraid/baileys was found to contain malicious code. Source: ghsa-malware...

5.7 AI score
Exploits: 0, References: 1
OSV
added 2026/03/16 12:39 a.m., 3 views

MAL-2026-1441 Malicious code in big-numben (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61c77ff6fcfee6f58a1a8a5a268bb6db596b9059b965e3bcfd58a88a197179e7 The package big-numben was found to contain malicious code. Source: ghsa-malware ae2b54e5805771f2bde8a32bc288306dc173a176a009f4309baf89672a9827fb Any...

5.7 AI score
Exploits: 0, References: 1