Vulnerabilities

ID
Packages
Summary
Published
Attributes
MAL-2026-3809
  • npm/@tc-core/campus-service
Malicious code in @tc-core/campus-service (npm) 8 hours ago
  • No fix available
MAL-2026-3808
  • npm/@citi-icg-158830/icgds-react-css
Malicious code in @citi-icg-158830/icgds-react-css (npm) 9 hours ago
  • No fix available
MAL-2026-3807
  • npm/@citi-icg-158830/elemental-ui-react
Malicious code in @citi-icg-158830/elemental-ui-react (npm) 9 hours ago
  • No fix available
MAL-2026-3806
  • npm/@citi-icg-158830/elemental-chameleon
Malicious code in @citi-icg-158830/elemental-chameleon (npm) 9 hours ago
  • No fix available
MAL-2026-3804
  • npm/bui-react-10components
Malicious code in bui-react-10components (npm) 20 hours ago
  • No fix available
GHSA-44m2-crh7-f4q2
  • npm/@budibase/server
Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL yesterday
  • Fix available
  • Severity - 8.8 (High)
GHSA-fgqv-jh4g-pvg2
  • npm/@budibase/server
Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration yesterday
  • Fix available
  • Severity - 7.7 (High)
GHSA-rpj4-7x2v-wjrf
  • npm/@budibase/server
Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation yesterday
  • Fix available
  • Severity - 7.7 (High)
GHSA-p6v2-xcpg-h6xw
  • npm/better-auth
Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation yesterday
  • Fix available
  • Severity - 7.3 (High)
GHSA-wxw3-q3m9-c3jr
  • npm/better-auth
Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state storage is used without PKCE yesterday
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-gcmj-c9gg-9vh6
  • npm/@joplin/onenote-converter
@joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files yesterday
  • Fix available
  • Severity - 8.2 (High)
MAL-2026-3802
  • npm/@datatrain/passenger-v3
Malicious code in @datatrain/passenger-v3 (npm) yesterday
  • No fix available
MAL-2026-3794
  • npm/dowload_ebok_also_an_octopus_by_maggie_tokuda_hall_ah2ip
Malicious code in dowload_ebok_also_an_octopus_by_maggie_tokuda_hall_ah2ip (npm) yesterday
  • No fix available
MAL-2026-3795
  • npm/dowload_ebok_como_leer_el_futbol_by_ruud_gullit_8qd97
Malicious code in dowload_ebok_como_leer_el_futbol_by_ruud_gullit_8qd97 (npm) yesterday
  • No fix available
MAL-2026-3796
  • npm/dowload_ebok_los_enemigos_del_comercio_by_antonio_escohotado_6t2l4
Malicious code in dowload_ebok_los_enemigos_del_comercio_by_antonio_escohotado_6t2l4 (npm) yesterday
  • No fix available
MAL-2026-3797
  • npm/dowload_ebok_stalking_jack_the_ripper_by_kerri_maniscalco_james_patterson_b529t
Malicious code in dowload_ebok_stalking_jack_the_ripper_by_kerri_maniscalco_james_patterson_b529t (npm) yesterday
  • No fix available