CVE-2020-10256

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...

EUVD-2014-3692

Malware in sbrugna...

EUVD-2018-11537

Malware in sbrugna...

EUVD-2021-13689

Malware in sbrugna...

EUVD-2021-23346

Malware in sbrugna...

EUVD-2012-6224

Malware in sbrugna...

EUVD-2020-10100

Malware in sbrugna...

EUVD-2022-34180

Malicious code in bioql PyPI...

EUVD-2021-28803

Malicious code in bioql PyPI...

CVE-2024-42219

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient...

CVE-2022-32550

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with th...

CVE-2022-29868

1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used f...

CVE-2021-36758

1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation. Malicious users authorized to create Secrets Automation access tokens can create tokens that have access beyond what the...

CVE-2021-26905

1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key...

CVE-2020-18173

A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code...

CVE-2014-3753

AgileBits 1Password through 1.0.9.340 allows security feature bypass...

CVE-2012-6369

Cross-site scripting XSS vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header that is not properly handled in a View Troubleshooting Report action...

MAL-2025-1540 Malicious code in 1password-sdk-examples (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain...

MAL-2025-327 Malicious code in 1password-sdk-exapmles (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98366c77213b87d7622472828c95aa7590386458d140ad0a0b31a86afde5b6ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

1Password - Enterprise Password Manager: API Key Exposed in JavaScript File on 1Password Developer Site

An API key has been exposed in the JavaScript file accessible via the public developer documentation for 1Password. This exposure could potentially allow unauthorized access to APIs or services that rely on this key, leading to a range of security issues, including data leakage or unauthorized...