Skip to main content
Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Unlock full vulnerability insights and fix guidance with Sonatype Guide.
Sign up for free
Vulnerabilities
sonatype-2026-003277
sonatype-2026-003277
Malicious Packages - Thu May 21 2026 [PolinRider] [Dropper]
Published May 21, 2026
help.sonatype.com
CVSS Score
High
8.7
Security Details
Security Details
Components Impacted
Components Impacted
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
@common-stack/generate-plugin
10.0.1-alpha.0
npm
@common-stack/generate-plugin
9.0.2-alpha.21
npm
@common-stack/generate-plugin
9.0.2-alpha.22
npm
@common-stack/generate-plugin
9.0.2-alpha.23
npm
@common-stack/generate-plugin
9.0.2-alpha.24
npm
@common-stack/generate-plugin
9.0.4-alpha.0
npm
@common-stack/generate-plugin
9.0.4-alpha.1
npm
@common-stack/generate-plugin
9.0.5-alpha.0
npm
@common-stack/generate-plugin
9.0.5-alpha.1
npm
@common-stack/generate-plugin
9.0.5-alpha.2
npm
@common-stack/generate-plugin
9.0.5-alpha.3
npm
@common-stack/generate-plugin
9.0.5-alpha.4
npm
@common-stack/generate-plugin
9.0.5-alpha.5
1-13 of 13
sonatype-2026-003277 | Components Impacted | Sonatype Guide
