Lucene search
K

69 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in @cw-ui/micro-ui-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b558c8d90850ea9817e236b445ba2bc1020a35a81a099a5e1575ef705b00bd39 On npm install, postinstall.js reads the installer's hostname via os.hostname and sends it as a query parameter to a hardcoded bare-IP HTTP endpoint:...

6.1AI score
Exploits0References2
HackRead
HackRead
added 2026/05/31 2:54 p.m.18 views

27,000-Download Codex UI Tool Secretly Stole OpenAI Refresh Tokens

A malicious Codex UI npm package with 27,000 weekly downloads was caught exfiltrating OpenAI refresh tokens, exposing developers to account takeover risks...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/18 1:44 p.m.17 views

CLEANSTART-2026-VU90450 Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-64715, CVE-2025-68119, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2026-33726 applied in versions: 0.13.3-r0, 0.13.3-r1

Multiple security vulnerabilities affect the hubble-ui package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.9AI score0.01945EPSS
Exploits3References25
vulnersOsv
vulnersOsv
added 2026/05/13 5:22 p.m.7 views

10minions-engine (>=0.0.1 <=0.0.4), @0xr404/lol404 (>=1.1.0 <=1.1.6) +3276 more potentially affected by CVE-2026-45740 via protobufjs (>=7.0.0 <=7.5.6)

protobufjs NPM version =7.0.0, =0.0.1, =1.1.0, =1.0.1-beta.0, =0.0.2-beta.0, =1.0.0, =1.5.10, =0.10.1, =1.1.0, =6.0.0, =2.0.2, =3.3.2 and more Source cves: CVE-2026-45740 Source advisory: SNYK:JS-PROTOBUFJS-16657755...

7.5CVSS5.7AI score0.00263EPSS
Exploits0
Snyk
Snyk
added 2026/01/22 3:49 p.m.2 views

Malicious Package

Overview @ikeacn/ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.5AI score
Exploits0References2
OSV
OSV
added 2026/01/22 12:23 p.m.4 views

MAL-2026-462 Malicious code in @ikeacn/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d77c56bdcd5f8b143de093a7fadd0d3c1c3cb5f06320a636c13438b58ebd68b2 The package @ikeacn/ui was found to contain malicious code. Source: ghsa-malware 36d82d92933643ae45e15ad2306059f66a4c3c1bfb998555c0356bc7eca5aa33 Any...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/01/16 4:43 p.m.8 views

Malicious Package

Overview chakra-ui-2--styled-system is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2026/01/16 4:43 p.m.11 views

Malicious Package

Overview chakra-ui-2--react-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score
Exploits0References2
EUVD
EUVD
added 2026/01/16 12:10 a.m.8 views

EUVD-2026-3083

Malicious code in chakra-ui-2--react npm...

6.6AI score
Exploits0References1
Wolfi
Wolfi
added 2026/01/07 1:51 a.m.1 views

GHSA-PG5P-WWP8-97G8 vulnerabilities

Vulnerabilities for packages: hubble-ui...

7AI score
Exploits0
Chainguard
Chainguard
added 2025/12/11 7:17 a.m.22 views

CVE-2025-64715 vulnerabilities

Vulnerabilities for packages: hubble-ui, hubble-ui-backend-fips...

5.5CVSS7AI score0.00161EPSS
Exploits0
Chainguard
Chainguard
added 2025/12/11 7:17 a.m.6 views

GHSA-38PP-6GCP-RQVM vulnerabilities

Vulnerabilities for packages: hubble-ui, hubble-ui-backend-fips...

6.1AI score
Exploits0
Snyk
Snyk
added 2025/12/11 12:51 a.m.1 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the redirecturl parameter when url.Parse....IsAbs is false. An attacker can redirect users to malicious sites by supplying a protocol-relative URL with an empty scheme, which is improperly validated and allows...

6.1CVSS6.4AI score0.00187EPSS
Exploits1References2
OSV
OSV
added 2025/11/22 12:51 p.m.4 views

MAL-2025-190619 Malicious code in hyatt-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45791aa99b3cab0aaa98d1564ffb2226c039f7e31723b2b4e6033d482e1ad3d6 The package hyatt-ui was found to contain malicious code. Source: ossf-package-analysis...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/11/22 12:46 p.m.5 views

EUVD-2025-198555

Malicious code in sentry-ui npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/22 12:46 p.m.2 views

MAL-2025-190614 Malicious code in sentry-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10b344e30280f8d412e7bb23ee828cea19637206f94ef992a20c372957c53b32 The package sentry-ui was found to contain malicious code. Source: ossf-package-analysis...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in chakra-ui-ophiuchus-sublimation-readable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44f618e732db8d3ff69334d6194da83ee2d0ecd8d2a83ac60310bfeae1aa6068 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.2 views

MAL-2025-186086 Malicious code in chakra-ui-ethology-biomimicry-superflare (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ec1a6bd4839590111dd4aee2301174b7baaaf80bc633899c529eda7de74071c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.3 views

MAL-2025-186713 Malicious code in element-ui-fermiparadox-carpo-orogeny (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6743a0059c55715c9eb684a714dfa0ccb855380d2eaaf67d88ce2f24837134be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/11/12 4:29 a.m.1 views

EUVD-2025-122073

Malicious code in semantic-ui-kaus-install-centaurus npm...

6.6AI score
Exploits0
Rows per page
Query Builder