Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
MAL-2026-10778
  • npm/relativity-pdfjs-dist
Malicious code in relativity-pdfjs-dist (npm) 7 hours ago
  • No fix available
MAL-2026-10772
  • npm/axios-native
Malicious code in axios-native (npm) 17 hours ago
  • No fix available
MAL-2026-10773
  • npm/telemetry-axios
Malicious code in telemetry-axios (npm) 17 hours ago
  • No fix available
GHSA-r95q-fp26-h3hc
  • npm/@tak-ps/cloudtak
CloudTAK: Authenticated full-read SSRF in the /api/esri* routes — user-controlled URL fetched with no IP-classification guard 18 hours ago
  • Fix available
  • Severity - 7.6 (High)
GHSA-g77h-45rf-hcx4
  • npm/exifreader
ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes 20 hours ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-c4gh-rv8h-q9vw
  • npm/@prompty/core
Prompty: Arbitrary code execution via JavaScript frontmatter in TypeScript loader 20 hours ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-wxhm-2mq7-7697
  • NuGet/Prompty.Core
  • PyPI/prompty
  • crates.io/prompty
  • npm/@prompty/core
Prompty: Arbitrary file read via file reference expansion 20 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-f7wf-v2vw-mpcx
  • npm/mcp-memory-keeper
mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath 21 hours ago
  • Fix available
  • Severity - 6.2 (Medium)
GHSA-vqrw-qphh-p34v
  • npm/@tak-ps/cloudtak
TAK-PS-Stats Web UI: Authenticated full-read SSRF in CloudTAK basemap import (PUT /api/basemap) — no IP-classification guard 21 hours ago
  • No fix available
  • Severity - 5.0 (Medium)
MAL-2026-10776
  • npm/n8n-nodes-final-mile
Malicious code in n8n-nodes-final-mile (npm) yesterday
  • No fix available
MAL-2026-10775
  • npm/n8n-nodes-devops-utils
Malicious code in n8n-nodes-devops-utils (npm) yesterday
  • No fix available
MAL-2026-10777
  • npm/n8n-nodes-probe
Malicious code in n8n-nodes-probe (npm) yesterday
  • No fix available
MAL-2026-10769
  • npm/easyway2
Malicious code in easyway2 (npm) yesterday
  • No fix available
MAL-2026-10774
  • npm/n8n-nodes-api-finder
Malicious code in n8n-nodes-api-finder (npm) yesterday
  • No fix available
MAL-2026-10761
  • npm/my-tailwind-gutenberg-block
Malicious code in my-tailwind-gutenberg-block (npm) yesterday
  • No fix available
MAL-2026-10707
  • npm/@ai-support-agent/cli
Malicious code in @ai-support-agent/cli (npm) yesterday
  • No fix available