CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2025/07/02 11:57 a.m.•2 views

MAL-2025-5542 Malicious code in bonnet-ltd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90d8066c671e4c70fdd26ffc5ac6d901d34541c2cff4aaaf2c118c977078aec4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2025/05/13 4:50 p.m.•0 views

MAL-2025-3965 Malicious code in gltfvariantmeld (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0155401f6326638ba77892ee9e8132c5d7094e7f8bb20e46f22b995c255ce0a Any computer that has this package installed or running should be considered...

OSV•added 2025/04/18 5:58 a.m.•1 views

BELL-CVE-2025-22111

Bulletin has no description...

5.5CVSS7.5AI score0.00024EPSS

Schneier on Security•added 2025/04/15 4:2 p.m.•9 views

Slopsquatting

As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names--laced with malware, of course. EDITED TO ADD 1/22: Research paper. Slashdot thread...

7.4AI score

Exploits0

OSV•added 2025/04/07 2:59 a.m.•2 views

MAL-2025-3142 Malicious code in arno-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09b3072a4a914ee5e85596d8f9a01d42ed0596c24aa05bc664e85067c41cbd3a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2025/02/03 8:39 a.m.•3 views

MAL-2025-1113 Malicious code in discordjs-self-v22.3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95f2a02084b7cd92df40cf973c163288d499c321e099a11fc8dbb42cec5e402b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2025/01/20 7:34 a.m.•4 views

MAL-2025-168 Malicious code in borsh-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51f002385b3c94048b1a161d8afd15fab61c24c5e54a4a23d9020a22313bd3f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2025/01/20 7:34 a.m.•1 views

MAL-2025-179 Malicious code in dds-js-devkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e0db7ac7daeb916d2610c7e857e635a24cecf8264c32d39366fc297fcda631d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2025/01/20 7:14 a.m.•2 views

MAL-2025-254 Malicious code in uber-direct-js-sdk-examples (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 30ee8294ed2bcf683f478b647f9919d6b45e0651905c29ada14a3ce392168447 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...