21 matches found
MAL-2026-3016 Malicious code in amazon-q-developer-streaming-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2612d348229614bb857a8f2c30c1ad2d66954d7a05073f15319f8aca2fb1a86d The package amazon-q-developer-streaming-client was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in amazon-q-developer-streaming-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2612d348229614bb857a8f2c30c1ad2d66954d7a05073f15319f8aca2fb1a86d The package amazon-q-developer-streaming-client was found to contain malicious code. Source: ossf-package-analysis...
AWS VDP: Command Injection on Amazon Q Developer CLI via malicious .amazonq/mcp.json leads to arbitrary code execution
Asset URL: https://github.com/aws/amazon-q-developer-cli/ Summary: Running Q chat from Amazon Q Developer CLI from an attacker-controlled repository/directory that contains a crafted .amazonq/mcp.json enables arbitrary command injection/execution. Amazon Q Developer CLI automatically loads and...
EUVD-2025-23144
Malicious code in bioql PyPI...
The emerging use of malware invoking AI
A closer look at LameHug, the Amazon Q Developer Extension compromise, s1ngularity, and PromptLock...
Malicious code in amazon-q-vscode (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-41938 Malicious code in amazon-q-vscode (npm)
The package communicates with a domain associated with malicious activity...
BIT-GITLAB-2025-2867 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...
CVE-2025-8217
The Amazon Q Developer Visual Studio Code VS Code extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...
CVE-2025-8217
The Amazon Q Developer Visual Studio Code VS Code extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...
CVE-2025-8217
The Amazon Q Developer Visual Studio Code VS Code extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...
CVE-2025-8217 Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension
The Amazon Q Developer Visual Studio Code VS Code extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...
CVE-2025-8217
CVE-2025-8217 documents describe a vulnerability in the Amazon Q Developer VS Code extension. The v1.84.0 extension contains inert, injected code intended to call the Q Developer CLI, which executes when the extension is launched in VS Code, but the injected code has a syntax error that prevents ...
PT-2025-31362
Name of the Vulnerable Software and Affected Versions Amazon Q Developer Visual Studio Code VS Code extension version 1.84.0 Description The Amazon Q Developer Visual Studio Code VS Code extension v1.84.0 contains injected code intended to call the Q Developer CLI. This code executes upon extensi...
Amazon Q Developer Visual Studio Code extension 安全漏洞
Amazon Q Developer Visual Studio Code extension is an extension in VS Code from Amazon.com, USA. A security vulnerability exists in Amazon Q Developer Visual Studio Code extension version v1.84.0, which stems from a syntax error in the injected code that causes API calls to fail...
Hacker Added Prompt to Amazon Q to Erase Files and Cloud Data
A hacker injected a malicious prompt into Amazon Q via GitHub, aiming to delete user files and wipe AWS data, exposing a major security flaw...
CVE-2025-2867
An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...
CVE-2025-2867
An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...
PT-2025-13198 · Gitlab · Gitlab Duo
Name of the Vulnerable Software and Affected Versions: GitLab Duo with Amazon Q versions 17.8 through 17.8.5 GitLab Duo with Amazon Q versions 17.9 through 17.9.2 GitLab Duo with Amazon Q versions 17.10 through 17.10.0 Description: An issue has been discovered in the GitLab Duo with Amazon Q that...
Introducing new Amazon Q Developer plugin for Wiz
New plugin enables AWS and Wiz customers to leverage generative AI to improve their cloud security posture...