Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

OSV
OSVadded 3 days ago3 views

MAL-2026-5476 Malicious code in mcp-server-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 850472999c9baffe4a663fb1b8dd900ba844e8296aeb24de25864c6025af1c16 Package name squats the legitimate scoped MCP fetch server. The package.json declares "postinstall": "node index.js", which runs index.js on every np...

5.6AI score
Exploits0References1
OSV
OSVadded 3 days ago4 views

MAL-2026-5477 Malicious code in mcp-server-figma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 474223e0d5456564c1ae112031e3b8f276850a79f59cc93ed3a04805de291f20 Package squats the unscoped name mcp-server-figma, which AI coding agents and developers commonly invoke via npx mcp-server-figma expecting the...

5.5AI score
Exploits0References1
OSV
OSVadded 2026/05/26 1:2 a.m.5 views

MAL-2026-4720 Malicious code in weavedb-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3017d9faf2f1f8a8973162392159e8d185b9c676555d406da261e67cd95395e8 package.json declares "preinstall": "./src/deps.ts", but src/deps.ts is not TypeScript — its first bytes are the ELF magic \x7fELF\x02\x01\x01,...

6AI score
Exploits0References3
Rows per page
Query Builder