Homepage

Find out if you have vulnerabilities that put you at risk

Test your applications
Toggle filtering controls
Report a new vulnerability
VULNERABILITYAFFECTSTYPEPUBLISHED
  • C
Malicious Package		elf-stats-piney-icicle-501*npm4 Dec 2025
  • C
Malicious Package		elf-stats-candlelit-reindeer-881*npm4 Dec 2025
  • H
Arbitrary Argument Injection		@anthropic-ai/claude-code<1.0.93npm4 Dec 2025
  • C
Malicious Package		hast-util-to-mdast9*npm4 Dec 2025
  • C
Malicious Package		beep-types*npm4 Dec 2025
  • C
Malicious Package		elf-stats-bright-cocoa-293*npm4 Dec 2025
  • C
Malicious Package		elf-stats-candlelit-marshmallow-663*npm4 Dec 2025
  • C
Malicious Package		elf-stats-mulled-stocking-538*npm4 Dec 2025
  • C
Malicious Package		elf-stats-mulled-ornament-810*npm4 Dec 2025
  • C
Malicious Package		unified10*npm4 Dec 2025
  • C
Malicious Package		unified11*npm4 Dec 2025
  • C
Malicious Package		remark-stringify10*npm4 Dec 2025
  • C
Malicious Package		elf-stats-lanternlit-snowman-834*npm4 Dec 2025
  • C
Malicious Package		remark-mdx2.3*npm4 Dec 2025
  • C
Malicious Package		elf-stats-marzipan-cocoa-562*npm4 Dec 2025
  • C
Malicious Package		remark-parse10*npm4 Dec 2025
  • C
Malicious Package		elf-stats-jubilant-ornament-641*npm4 Dec 2025
  • C
Malicious Package		email-regexed*npm3 Dec 2025
  • C
Arbitrary Code Injection		next>=14.3.0-canary.77 <15.0.5>=15.1.0 <15.1.9>=15.2.0-canary.0 <15.2.6>=15.3.0-canary.0 <15.3.6>=15.4.0-canary.0 <15.4.8>=15.5.0 <15.5.7>=16.0.0-beta.0 <16.0.7npm3 Dec 2025
  • C
Arbitrary Code Injection		react-server-dom-turbopack>=19.0.0-rc.0 <19.0.1>=19.1.0 <19.1.2>=19.2.0 <19.2.1npm3 Dec 2025
  • C
Arbitrary Code Injection		react-server-dom-parcel>=19.1.0 <19.1.2>=19.2.0 <19.2.1npm3 Dec 2025
  • C
Arbitrary Code Injection		react-server-dom-webpack>=19.0.0-rc.0 <19.0.1>=19.1.0 <19.1.2>=19.2.0 <19.2.1npm3 Dec 2025
  • H
Arbitrary File Upload		@evershop/evershop<2.1.0npm3 Dec 2025
  • C
Malicious Package		buffer-envjs*npm3 Dec 2025
  • H
Insecure Default Initialization of Resource		@modelcontextprotocol/sdk<1.24.0npm3 Dec 2025
  • M
External Control of File Name or Path		better-auth<1.4.3npm3 Dec 2025
  • M
Improperly Controlled Modification of Dynamically-Determined Object Attributes		mdast-util-to-hast>=13.0.0 <13.2.1npm3 Dec 2025
  • C
Malicious Package		kwp-router*npm3 Dec 2025
  • C
Malicious Package		eslint-plugin-unicorn-ts-2*npm2 Dec 2025
  • M
Directory Traversal		@fastify/reply-from<12.5.0npm2 Dec 2025