CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21 matches found

OSV•added 2026/05/20 3:8 p.m.•2 views

MAL-2026-4409 Malicious code in @nutui/nutui-react-taro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71ad42f4bfd953311c2d69f622cc6e8d5193a8852ac0bbc9ea0781ac6b651390 The package's postinstall.js invokes execSync'npm-usage-stats disable' and execSync'npm-usage-stats', stdio: 'inherit' . The npm-usage-stats bin is...

6.4AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/20 10:51 a.m.•7 views

Malicious code in @spcsn/taro-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10e2baba3a5166ecf1196146e1b2a8771836b25bd7f8d56979e3e277a3de9625 The package's postinstall script probes https://taro.jd.com/ and then invokes its own CLI to run npm install...

6.1AI score

Exploits0References1

OSV•added 2026/05/20 10:51 a.m.•5 views

MAL-2026-4447 Malicious code in @spcsn/taro-cli (npm)

6.1AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/19 7:6 p.m.•6 views

Malicious code in @tarojs/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59b4e6cd0fe6bd16c6fb2bd04e6542a2a3052182d8815a08b124df56f2d9fde2 On npm install, the package's postinstall script performs a reachability GET to https://taro.jd.com/ and, on success, invokes the package's own...

6AI score

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-1970

Malware in sbrugna...

7.8CVSS7.5AI score0.00248EPSS

Exploits1References5

CNNVD•added 2025/09/26 12:0 a.m.•1 views

ruoyi-vue-pro 授权问题漏洞

ruoyi-vue-pro is China's taro source code zhijiantianya open source an optimized refactoring of efficient backend management system framework for the development of enterprise backend , SaaS platforms , WeChat small program backend and so on. ruoyi-vue-pro 2025.09 and previous versions of the...

8.8CVSS6.7AI score0.00074EPSS

Exploits0References4

OSV•added 2025/06/09 9:30 p.m.•1 views

GHSA-F5XG-CFPJ-2MW6 taro-css-to-react-native Regular Expression Denial of Service vulnerability

A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely...

5.3CVSS4.8AI score0.00742EPSS

Exploits1References8

vulnersOsv•added 2025/06/09 9:30 p.m.•4 views

@agreejs/cli (>=0.0.1 <=3.2.43), @agreejs/rn-runner (>=3.2.1 <=3.2.15) +98 more potentially affected by CVE-2025-5896 via taro-css-to-react-native (>=1.3.0-beta.1 <=4.1.2-alpha.2)

taro-css-to-react-native NPM version =1.3.0-beta.1, =0.0.1, =3.2.1, =3.2.1, =1.0.0, =1.0.0, =1.0.0-alpha.1, =1.0.0-alpha.1, =1.0.0, =1.1.5, =1.0.0, =1.3.2 - @c-art/convert-cli =1.1.0 - @d-bigfish/cli =1.0.14 - @d1m-atom/taro-vue-cli =1.0.5 and more Source cves: CVE-2025-5896 Source advisory:...

7.5CVSS5.8AI score0.00742EPSS

Exploits1

OSV•added 2025/06/09 9:15 p.m.•3 views

CVE-2025-5896

7.5CVSS7.3AI score

Exploits0References6

NVD•added 2025/06/09 9:15 p.m.•5 views

CVE-2025-5896

7.5CVSS0.00742EPSS

Exploits1References6

CNNVD•added 2025/06/09 12:0 a.m.•1 views

NervJS taro 安全漏洞

NervJS taro is an open cross-end cross-framework solution open-sourced by NervJS. A security vulnerability exists in NervJS taro version 4.1.1 and earlier, which stems from an incorrect manipulation of the file taro/packages/css-to-react-native/src/index.js resulting in inefficient regular...

7.5CVSS4.7AI score0.00742EPSS

Exploits1References7