FLAT-0Y5NO (MAL-2026-5040)
Use of software with malware In @t-in-one/only_difference_payload
5.2
Medium
Ecosystem: Npm
Package: @t-in-one/only_difference_payload
FLAT-FART7 (CVE-2026-39397)
Improper authorization control for web services In @delmaredigital/payload-puck
9.1
Critical
Ecosystem: Npm
Package: @delmaredigital/payload-puck
FLAT-XE78D (CVE-2026-34750)
Lack of data validation - Path Traversal In @payloadcms/storage-r2
3.8
Low
Ecosystem: Npm
Package: @payloadcms/storage-r2
FLAT-NNRB7 (CVE-2026-34749)
Cross-site request forgery In payload
0.6
Low
Ecosystem: Npm
Package: payload
FLAT-JZNFP (CVE-2026-34746)
Server-side request forgery (SSRF) In payload
3.9
Low
Ecosystem: Npm
Package: payload
FLAT-D10UW (CVE-2026-34748)
Server side cross-site scripting In @payloadcms/next
5.7
Medium
Ecosystem: Npm
Package: @payloadcms/next
FLAT-AWNC1 (CVE-2026-34747)
SQL injection - Code In payload
7.8
High
Ecosystem: Npm
Package: payload
FLAT-OR3GM (CVE-2026-34751)
Lack of data validation In @payloadcms/graphql
8.9
High
Ecosystem: Npm
Package: @payloadcms/graphql
FLAT-RXWLY (CVE-2026-27567)
Server-side request forgery (SSRF) In payload
3.9
Low
Ecosystem: Npm
Package: payload
FLAT-UDEXX (CVE-2026-25574)
Restricted fields manipulation In payload
0.6
Low
Ecosystem: Npm
Package: payload
FLAT-DOMRA (CVE-2026-25544)
SQL injection - Code In @payloadcms/drizzle
8.1
High
Ecosystem: Npm
Package: @payloadcms/drizzle
FLAT-DUIRK (MAL-2025-49387)
Use of software with malware In xss-payload-7n-ctf
5.2
Medium
Ecosystem: Npm
Package: xss-payload-7n-ctf
FLAT-5IY0G (MAL-2025-49388)
Use of software with malware In xss-payload-all
5.2
Medium
Ecosystem: Npm
Package: xss-payload-all
FLAT-X6NGM (CVE-2025-4644)
Session Fixation In @payloadcms/next
1.3
Low
Ecosystem: Npm
Package: @payloadcms/next
FLAT-DP58E (CVE-2025-4643)
Insecure session management In @payloadcms/graphql
1.7
Low
Ecosystem: Npm
Package: @payloadcms/graphql
FLAT-1UTOF (MAL-2025-5427)
Use of software with malware In kkyun-xss-payload
5.2
Medium
Ecosystem: Npm
Package: kkyun-xss-payload
FLAT-WIAO0 (MAL-2025-5425)
Use of software with malware In jun-xss-payload
5.2
Medium
Ecosystem: Npm
Package: jun-xss-payload
FLAT-HXK2W (MAL-2025-5437)
Use of software with malware In monpayload
5.2
Medium
Ecosystem: Npm
Package: monpayload
FLAT-HS4XY (MAL-2025-5347)
Use of software with malware In @b10902118/note-xss-payload
5.2
Medium
Ecosystem: Npm
Package: @b10902118/note-xss-payload
FLAT-YIUM8 (MAL-2025-4959)
Use of software with malware In zora-exploit-payload
5.2
Medium
Ecosystem: Npm
Package: zora-exploit-payload
FLAT-EM7U9 (MAL-2024-2847)
Use of software with malware In payload_package123
5.2
Medium
Ecosystem: Npm
Package: payload_package123
FLAT-CA0O6 (MAL-2024-2846)
Use of software with malware In payload_package1
5.2
Medium
Ecosystem: Npm
Package: payload_package1
FLAT-QZOIK (CVE-2023-30843)
Business information leak In payload
6.9
Medium
Ecosystem: Npm
Package: payload
FLAT-BGRD4 (CVE-2022-27952)
Insecure file upload In payload
8.1
High
Ecosystem: Npm
Package: payload