New NPM Vulnerability - NPMscan.com
@npmscan
2 subscribers
12 links
New Vulnerability found on NPM
Download Telegram
About
Blog
Apps
Platform
Join
New NPM Vulnerability - NPMscan.com
2 subscribers
New NPM Vulnerability - NPMscan.com
Channel created
New NPM Vulnerability - NPMscan.com
Channel photo updated
New NPM Vulnerability - NPMscan.com
CRITICAL: GHSA-q2f7-m237-v562: @hulumi/policies: GitHub OIDC trust policy bypass via AWS set-qualified condition operators — quick heads-up.

Packages: @hulumi/policies

https://npmscan.com/vulnerability/GHSA-q2f7-m237-v562
NPMSCan
Vulnerability GHSA-q2f7-m237-v562 | NPMSCan
Details, references, and analysis for vulnerability GHSA-q2f7-m237-v562 in npm ecosystem.
2 views
New NPM Vulnerability - NPMscan.com
HIGH: GHSA-4xrh-5m3m-328w: @hulumi/policies: CIS 1.16 admin policy bypass for inline and attached IAM policies — quick heads-up.

Packages: @hulumi/policies

https://npmscan.com/vulnerability/GHSA-4xrh-5m3m-328w
NPMSCan
Vulnerability GHSA-4xrh-5m3m-328w | NPMSCan
Details, references, and analysis for vulnerability GHSA-4xrh-5m3m-328w in npm ecosystem.
2 views
New NPM Vulnerability - NPMscan.com
HIGH: GHSA-g43v-9x7q-83pq: @hulumi/policies: HULUMI-H1 SecureBucket parent spoof bypass — quick heads-up.

Packages: @hulumi/policies

https://npmscan.com/vulnerability/GHSA-g43v-9x7q-83pq
NPMSCan
Vulnerability GHSA-g43v-9x7q-83pq | NPMSCan
Details, references, and analysis for vulnerability GHSA-g43v-9x7q-83pq in npm ecosystem.
2 views
New NPM Vulnerability - NPMscan.com
MEDIUM: GHSA-q8mj-m7cp-5q26 (CVE-2026-8723): qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set — quick heads-up.

Packages: qs

https://npmscan.com/vulnerability/GHSA-q8mj-m7cp-5q26
NPMSCan
Vulnerability GHSA-q8mj-m7cp-5q26 | NPMSCan
Details, references, and analysis for vulnerability GHSA-q8mj-m7cp-5q26 in npm ecosystem.
2 views
New NPM Vulnerability - NPMscan.com
HIGH: GHSA-j3vx-cx2r-pvg8 (CVE-2026-46701): Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret — quick heads-up.

Packages: network-ai

https://npmscan.com/vulnerability/GHSA-j3vx-cx2r-pvg8
NPMSCan
Vulnerability GHSA-j3vx-cx2r-pvg8 | NPMSCan
Details, references, and analysis for vulnerability GHSA-j3vx-cx2r-pvg8 in npm ecosystem.
2 views
New NPM Vulnerability - NPMscan.com
HIGH: GHSA-2ffm-hxrq-qqmm: @hulumi/drift: Orphan reconciler accepted externally supplied execute plans — quick heads-up.

Packages: @hulumi/drift

https://npmscan.com/vulnerability/GHSA-2ffm-hxrq-qqmm
NPMSCan
Vulnerability GHSA-2ffm-hxrq-qqmm | NPMSCan
Details, references, and analysis for vulnerability GHSA-2ffm-hxrq-qqmm in npm ecosystem.
2 views
New NPM Vulnerability - NPMscan.com
MEDIUM: GHSA-gfp8-mp24-5vxg: @hulumi/baseline: CloudTrail selector tampering events were not fully detected — quick heads-up.

Packages: @hulumi/baseline

https://npmscan.com/vulnerability/GHSA-gfp8-mp24-5vxg
NPMSCan
Vulnerability GHSA-gfp8-mp24-5vxg | NPMSCan
Details, references, and analysis for vulnerability GHSA-gfp8-mp24-5vxg in npm ecosystem.
2 views
New NPM Vulnerability - NPMscan.com
LOW: GHSA-f76x-f9vj-92jv (CVE-2026-46554): NocoDB: Stale Auth Cache After API Token Deletion — quick heads-up.

Packages: nocodb

https://npmscan.com/vulnerability/GHSA-f76x-f9vj-92jv
NPMSCan
Vulnerability GHSA-f76x-f9vj-92jv | NPMSCan
Details, references, and analysis for vulnerability GHSA-f76x-f9vj-92jv in npm ecosystem.
2 views
New NPM Vulnerability - NPMscan.com
LOW: GHSA-8rwr-f68v-cvw6 (CVE-2026-46553): NocoDB: Attachment Size Limit Bypass via Upload-by-URL — quick heads-up.

Packages: nocodb

https://npmscan.com/vulnerability/GHSA-8rwr-f68v-cvw6
NPMSCan
Vulnerability GHSA-8rwr-f68v-cvw6 | NPMSCan
Details, references, and analysis for vulnerability GHSA-8rwr-f68v-cvw6 in npm ecosystem.
2 views
New NPM Vulnerability - NPMscan.com
MEDIUM: GHSA-chqv-vrj7-qffp (CVE-2026-46552): NocoDB: Shared-base link access can invite arbitrary users as persistent base members — quick heads-up.

Packages: nocodb

https://npmscan.com/vulnerability/GHSA-chqv-vrj7-qffp
NPMSCan
Vulnerability GHSA-chqv-vrj7-qffp | NPMSCan
Details, references, and analysis for vulnerability GHSA-chqv-vrj7-qffp in npm ecosystem.
2 views