{"vulnerability": "CVE-2026-47429", "sightings": [{"uuid": "e2c1abbd-97b9-4484-ba21-9e557b2923b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-47429", "type": "published-proof-of-concept", "source": "https://github.com/vitest-dev/vitest/security/advisories/GHSA-5xrq-8626-4rwp", "content": "", "creation_timestamp": "2026-05-19T09:24:23.000000Z"}, {"uuid": "204828ac-eb7e-4791-aaec-a43350c0128b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47429", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3mnqcloetts2r", "content": "JavaScript \u30c6\u30b9\u30c8\u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af Vitest\u306b\u91cd\u5927\u306a\u8106\u5f31\u6027(VE-2026-47428,CVE-2026-47429,CVE\u672a\u63a1\u756a)\nrocket-boys.co.jp/security-mea...\n\n#\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56Lab #security #securitynews", "creation_timestamp": "2026-06-07T23:20:25.452654Z"}, {"uuid": "70ffff1a-3271-4119-9a47-48c9d5cfb966", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47429", "type": "published-proof-of-concept", "source": "Telegram/cFkqaiLeMF7rcnyy-4alEvGOnwxzqn60V0GjpreyOt3-Yxw", "content": "", "creation_timestamp": "2026-06-09T11:00:07.000000Z"}, {"uuid": "c9fa1e0f-7970-4e57-a9f4-0d1e07e645a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47429", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mprkoe7q362x", "content": "CVE-2026-47429 - @rootio/vitest\nThe Root vitest package had a vulnerability that could allow an attacker to execute unauthorized code. This could have let a malicious user access or modify sensitive data.\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#rootio #Rootnpm #CVE #infosec", "creation_timestamp": "2026-07-03T22:08:04.921396Z"}]}