Lucene search
K

130 matches found

OSV
OSV
added 6 days ago2 views

MAL-2026-10038 Malicious code in antsrcsrctest (npm)

The npm package antsrcsrctest masquerades as a "simple date formatting utility" index.js exports a harmless formatDate function that is never referenced by the malicious code but is a credential-harvesting and cloud-metadata-stealing reconnaissance tool. It declares a preinstall: node preinstall....

6.1AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.6 views

@alicloud/cloud-charts (>=0.1.0 <=0.1.10), @alicloud/console-charts (>=0.1.0 <=0.3.0) +139 more potentially affected by unknown CVE via @antv/g2-brush (=0.0.2)

@antv/g2-brush NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g2-brush and may be impacted: - @alicloud/cloud-charts =0.1.0, =0.1.0, =0.0.113, =0.0.113, =0.1.4-beta-3.3, =2.5.1, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5,...

5.7AI score
Exploits0
OSV
OSV
added 2026/05/15 10:40 a.m.7 views

MAL-2026-3780 Malicious code in aliyun-internal-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ad3b492d9e89c081c72b95aba3aa4fd0c436a8f5050c7538e57dec619af2258 The package aliyun-internal-config was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/15 10:40 a.m.15 views

Malicious code in aliyun-internal-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ad3b492d9e89c081c72b95aba3aa4fd0c436a8f5050c7538e57dec619af2258 The package aliyun-internal-config was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Fedora
Fedora
added 2026/03/28 12:19 a.m.6 views

[SECURITY] Fedora 44 Update: rust-reqsign-aliyun-oss-3.0.0-1.fc44

Aliyun OSS signing implementation for reqsign...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/30 7:9 p.m.9 views

Malicious code in snapshot-date (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8e86008d35e5f11e68c465940563127cdc9ba1d4b2963f092914bf8e9ce2587b This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

6AI score
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/12/10 6:30 p.m.9 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1887 more potentially affected by CVE-2025-67635 via org.jenkins-ci.main:cli (>=1.396 <=2.528.2)

org.jenkins-ci.main:cli MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2025-67635 Source advisory: OSV:GHSA-9P56-P6MW-W8QC...

7.5CVSS7.3AI score0.00515EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/11/28 6:30 p.m.15 views

cc.ddrpa.dorian.polystash:polystash-spring-boot-starter (=1.0.0), com.alibaba.fastjson2:fastjson2-extension (>=2.0.27 <=2.0.62) +39 more potentially affected by CVE-2025-12183 via org.lz4:lz4-pure-java (=1.8.0)

org.lz4:lz4-pure-java MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.lz4:lz4-pure-java and may be impacted: - cc.ddrpa.dorian.polystash:polystash-spring-boot-starter =1.0.0 - com.alibaba.fastjson2:fastjson2-extension =2.0.27,...

8.8CVSS6.8AI score0.00647EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-0115

Malware in sbrugna...

7.5CVSS7.5AI score0.01048EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-28414

Malicious code in bioql PyPI...

7.6CVSS8.6AI score0.00515EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/18 10:15 a.m.7 views

Malicious code in aliyun-ai-labs-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSV
OSV
added 2025/06/18 10:15 a.m.11 views

MAL-2025-5095 Malicious code in aliyun-ai-labs-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:24 p.m.6 views

CVE-2022-39397

aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1...

5.6CVSS6.8AI score0.00421EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/19 3:43 p.m.8 views

Malicious code in aliyun-ai-labs-snippets-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 459b9313aa2d453392e97f619a0ffb2898c3b90700e72dcb2cde4d1a1b97b1ac During the importing, it loads a file pretending to an AI model. This file contains pickle-serialized code that exfiltrates data basic IP/username info, as wel...

7.3AI score
Exploits0References3
OSV
OSV
added 2025/05/19 3:43 p.m.8 views

MAL-2025-5096 Malicious code in aliyun-ai-labs-snippets-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 459b9313aa2d453392e97f619a0ffb2898c3b90700e72dcb2cde4d1a1b97b1ac During the importing, it loads a file pretending to an AI model. This file contains pickle-serialized code that exfiltrates data basic IP/username info, as wel...

7.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/11 11:19 p.m.10 views

Malicious code in upload-aliyun-oss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b137056ce2896ba2e4b0b632262308afc40672c5a46bff9c2cb50a7b3a81a386 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/03/11 11:19 p.m.6 views

MAL-2025-2283 Malicious code in upload-aliyun-oss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b137056ce2896ba2e4b0b632262308afc40672c5a46bff9c2cb50a7b3a81a386 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/25 6:18 p.m.5 views

Malicious code in amzclients-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7918a5aab99f521336ce5a17ca3b3dae77256011f91ed8dc22c4d9a38123f539 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score
Exploits0References4
OSV
OSV
added 2025/02/25 6:18 p.m.13 views

MAL-2025-191905 Malicious code in time-service-checker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 92ae5fc73fd7cc45d02ba02f6c3b667d155f681ba74262d66421edee5f19d237 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score
Exploits0References4
OSV
OSV
added 2025/02/25 6:18 p.m.3 views

MAL-2025-191677 Malicious code in alicloud-client-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 59563b61e548ff83488a4940e0511825ebf1a2d0995c83e0056e07fd7a4bd782 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score
Exploits0References4
Rows per page
Query Builder