tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix,

OSV-MAL-2026-5723—14 h ago

Malicious code in @ci-lifecycle-test/postinstall-ping (npm)

OSV-MAL-2026-5724—14 h ago

Malicious code in warp-dependency (npm)

CVE-2026-50287—18 h ago

@agenticmail/mcp Missing Authentication for Critical Function

OSV-MAL-2026-5718—18 h ago

Malicious code in ect-472839-ctf (npm)

OSV-MAL-2026-5721—18 h ago

Malicious code in ect-839201-ctf (npm)

OSV-MAL-2026-5720—18 h ago

Malicious code in ect-839201 (npm)

OSV-MAL-2026-5719—18 h ago

Malicious code in ect-654321 (npm)

OSV-MAL-2026-5717—18 h ago

Malicious code in claudechor (npm)

OSV-MAL-2026-5710—19 h ago

Malicious code in chalk-plus-ts (npm)

OSV-MAL-2026-5709—19 h ago

Malicious code in chalk-plus-js (npm)

OSV-MAL-2026-5715—19 h ago

Malicious code in workflow-postgres-setup (npm)

OSV-MAL-2026-5711—19 h ago

Malicious code in chalk-pro (npm)

OSV-MAL-2026-5712—19 h ago

Malicious code in jextic-eclib (npm)

OSV-MAL-2026-5713—19 h ago

Malicious code in vite-plugin-compress-js (npm)

OSV-MAL-2026-5714—19 h ago

Malicious code in vite-plugin-logo (npm)

OSV-GHSA-gv7w-rqvm-qjhr—20 h ago

esbuild: Missing binary integrity verification in Deno module enables remote code execution via NPM_CONFIG_REGISTRY

OSV-GHSA-g7r4-m6w7-qqqr—20 h ago

esbuild allows arbitrary file read when running the development server on Windows

OSV-MAL-2026-5677—20 h ago

Malicious code in worker-build (npm)

OSV-MAL-2026-5672—20 h ago

Malicious code in vqlxjmpr (npm)

OSV-MAL-2026-5576—20 h ago

Malicious code in vite-tsconfig (npm)

OSV-MAL-2026-5708—20 h ago

Malicious code in vite-svgr (npm)

OSV-MAL-2026-5701—20 h ago

Malicious code in vite-react-toolkit (npm)

OSV-MAL-2026-4703—20 h ago

Malicious code in veteran (npm)

OSV-MAL-2026-5633—20 h ago

Malicious code in typeorm-encrypt (npm)

OSV-MAL-2026-5638—20 h ago

Malicious code in tw-fluid-type (npm)

OSV-MAL-2026-5406—20 h ago

Malicious code in ui-weave (npm)

OSV-MAL-2026-5707—20 h ago

Malicious code in ttspc-server-sample (npm)

OSV-MAL-2026-3774—20 h ago

Malicious code in ts-build-optimize (npm)

OSV-MAL-2026-5705—20 h ago

Malicious code in theta-connector (npm)

OSV-MAL-2026-5706—20 h ago

Malicious code in theta-kit (npm)

OSV-MAL-2026-4682—20 h ago

Malicious code in tango-app-api-trax (npm)

OSV-MAL-2026-5632—20 h ago

Malicious code in tailwindcss-merge (npm)

OSV-MAL-2026-5637—20 h ago

Malicious code in tailwindcss-animotion (npm)

OSV-MAL-2026-5636—20 h ago

Malicious code in swagger-express-routes (npm)