{"vulnerability": "cve-2026-47429", "sightings": [{"uuid": "e2c1abbd-97b9-4484-ba21-9e557b2923b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-47429", "type": "published-proof-of-concept", "source": "https://github.com/vitest-dev/vitest/security/advisories/GHSA-5xrq-8626-4rwp", "content": "", "creation_timestamp": "2026-05-19T09:24:23.000000Z"}, {"uuid": "204828ac-eb7e-4791-aaec-a43350c0128b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47429", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3mnqcloetts2r", "content": "JavaScript \u30c6\u30b9\u30c8\u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af Vitest\u306b\u91cd\u5927\u306a\u8106\u5f31\u6027(VE-2026-47428,CVE-2026-47429,CVE\u672a\u63a1\u756a)\nrocket-boys.co.jp/security-mea...\n\n#\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56Lab #security #securitynews", "creation_timestamp": "2026-06-07T23:20:25.452654Z"}, {"uuid": "70ffff1a-3271-4119-9a47-48c9d5cfb966", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47429", "type": "published-proof-of-concept", "source": "Telegram/cFkqaiLeMF7rcnyy-4alEvGOnwxzqn60V0GjpreyOt3-Yxw", "content": "", "creation_timestamp": "2026-06-09T11:00:07.000000Z"}, {"uuid": "c9fa1e0f-7970-4e57-a9f4-0d1e07e645a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47429", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mprkoe7q362x", "content": "CVE-2026-47429 - @rootio/vitest\nThe Root vitest package had a vulnerability that could allow an attacker to execute unauthorized code. This could have let a malicious user access or modify sensitive data.\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#rootio #Rootnpm #CVE #infosec", "creation_timestamp": "2026-07-03T22:08:04.921396Z"}, {"uuid": "641e59ae-0df8-4a68-a91f-59396d419780", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47429", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqmxjui5ty2t", "content": "CVE-2026-47429 - vitest\nIf you're using Vitest UI on Windows and exposing it to the network, or running it on Windows without proper security, an attacker could access and execute arbitrary files.\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#vitest #GitHubActions #npm #CVE #infosec", "creation_timestamp": "2026-07-14T19:40:05.831331Z"}]}