Lucene search

4 matches found

OSSF Malicious Packages
added 2026/05/19 12:0 a.m., 12 views

Malicious code in ast-plugin (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8 AI score
Exploits 0, References 5

OSV
added 2025/09/07 4:1 p.m., 3 views

EEF-CVE-2025-48042 Before action hooks may execute in certain scenarios despite a request being forbidden

Summary Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program...

7.1 CVSS, 5.8 AI score, 0.00293 EPSS
Exploits 0, References 4

OSSF Malicious Packages
added 2025/09/01 9:47 a.m., 8 views

Malicious code in actions-run-service (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0096c4c86f75bd5815b589d90393b9d5efa12ac9fdae99a2cb6293475de0cbf8 The OpenSSF Package Analysis project identified 'actions-run-service' @ 0.0.1.r2301dc6 rubygems as malicious. It is considered malicious because...

7.2 AI score
Exploits 0

OSV
added 2025/09/01 9:47 a.m., 8 views

MAL-2025-46891 Malicious code in actions-run-service (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0096c4c86f75bd5815b589d90393b9d5efa12ac9fdae99a2cb6293475de0cbf8 The OpenSSF Package Analysis project identified 'actions-run-service' @ 0.0.1.r2301dc6 rubygems as malicious. It is considered malicious because...

7.2 AI score
Exploits 0