The product contains code that appears to be malicious in nature.
80 vulnerabilities with CWE-506
CVE-2026-6443
CRITICAL
Accordion and Accordion Slider 1.4.6 - Injected Backdoor
CVSS 9.8
CVE-2026-34424
CRITICAL
Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Access Toolkit
CVSS 9.8
CVE-2026-34841
CRITICAL
Axios npm Supply Chain Incident Impacting @usebruno/cli
CVSS 9.8
CVE-2026-33634
HIGH
KEV
Trivy ecosystem supply chain briefly compromised
CVSS 8.8
CVE-2026-31976
CRITICAL
xygeni-action v5 - Code Injection
CVSS 9.8
CVE-2026-28353
CRITICAL
Trivy VSCode Extension 1.8.12 - Code Injection
CVE-2025-59374
CRITICAL
KEV
ASUS Live Update - Unintended Actions
CVSS 9.8
CVE-2025-55556
MEDIUM
TensorFlow <2.18.0 - Info Disclosure
CVSS 6.5
CVE-2025-10894
CRITICAL
Nx Build System and Plugins - Malicious Code Injection via npm
CVSS 9.6
CVE-2025-59145
HIGH
color-name <2.0.1 - RCE
CVE-2025-59331
HIGH
is-arrayish <0.3.3 - Code Injection
CVE-2025-59330
HIGH
error-ex 1.3.3 - Code Injection
CVE-2025-59162
HIGH
color-convert 3.1.1 - Command Injection
CVE-2025-59144
HIGH
debug <4.4.2 - Code Injection
CVE-2025-59143
HIGH
color <5.0.1 - Code Injection
CVE-2025-59142
HIGH
color-string 2.1.1 - Open Redirect
CVE-2025-59141
HIGH
simple-swizzle 0.2.3 - Code Injection
CVE-2025-59140
HIGH
backlash <0.2.1 - Code Injection
CVE-2025-59039
CRITICAL
PUC <1.17.3 - Info Disclosure
CVE-2025-59038
HIGH
Prebid.js <10.9.2 - Open Redirect
CVE-2025-59037
HIGH
DuckDB <1.3.3 - Info Disclosure
CVE-2025-8217
MEDIUM
Amazon Q Developer VS Code <1.85.0 - Info Disclosure
CVSS 4.0
CVE-2025-54313
HIGH
KEV
eslint-config-prettier <10.1.7 - Code Injection
CVSS 7.5
CVE-2025-32965
CRITICAL
xrpl.js <4.2.1-4.2.4, 2.14.2 - Code Injection
CVE-2025-30154
HIGH
KEV
reviewdog/action-setup <v1 - RCE
CVSS 8.6
Details
Vulnerabilities
80