{"vulnerability": "cve-2026-47428", "sightings": [{"uuid": "ccb65112-df79-4ed6-bf58-1170de762898", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-47428", "type": "published-proof-of-concept", "source": "https://github.com/vitest-dev/vitest/security/advisories/GHSA-2h32-95rg-cppp", "content": "", "creation_timestamp": "2026-05-19T09:23:47.000000Z"}, {"uuid": "d36e2be9-5539-421e-9b15-a779cd2bb4b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47428", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqotrh5lhp2u", "content": "CVE-2026-47428 - browser\nVitest's browser mode can execute malicious JavaScript if you visit a specially crafted URL. This could allow an attacker to steal your Vitest API token and use it to access your\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#browser #vitest #npm #CVE #infosec", "creation_timestamp": "2026-07-15T13:38:04.946277Z"}]}