GitLab CI Lint API - Server-Side Request Forgery

GitLab 10.5 and later contain a server-side request forgery caused by insecure handling of webhook requests, letting unauthenticated attackers exploit the server for arbitrary requests, exploit requires sending crafted webhook requests. id: CVE-2021-22175 info: name: GitLab CI Lint API -...

Malicious code in @ci-lifecycle-test/postinstall-ping (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75c160ad40a237c1e682c696ebd0aec2861ca072f47bd5b725bc80f7f95ed509 The package's postinstall lifecycle script postinstall.js executes automatically on npm install and POSTs the JSON-serialized contents of the entire...

Malicious code in voyager-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7f4f15201378ec6cee4268469e85e17e50f3f5299d94a250031d6c2693177b8 package.json declares both preinstall and postinstall lifecycle hooks that execute callback.js on npm install. callback.js collects installer-side...

Malicious code in optional-cpu-features (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4dbbb7dd9c604ef3e5782d477d4db7c04c50f7906b19af03e63a540e0a44166e On npm install, both the install and postinstall lifecycle scripts run node install.js, which requires lib/sync.js. That file hardcodes BASE =...

MAL-2026-5642 Malicious code in optional-cpu-features (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4dbbb7dd9c604ef3e5782d477d4db7c04c50f7906b19af03e63a540e0a44166e On npm install, both the install and postinstall lifecycle scripts run node install.js, which requires lib/sync.js. That file hardcodes BASE =...

Malicious code in internallib_v346 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16f3f2c0990e02417fdf7012e6531393e81f786bb16019d0efdb03c049817f90 Package name targets an internal-only namespace and ships a reverse-shell payload. index.js line 5 unconditionally invokes exec'/bin/bash -c "bash -i...

claude-code-f002-poc

F002: Supply Chain Attack via Non-Interactive Workspace Trust...

Malicious code in @403name/fsevent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f86ca4502cc824c3684e8f1e08b088b974b4339829461b50d45e3fbc6f808eb On require, index.js runs an IIFE that gates to macOS, skips when CI or GITHUBACTIONS is set, waits 30-90 seconds, and writes a one-shot marker at...

MAL-2026-5549 Malicious code in @403name/fsevent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f86ca4502cc824c3684e8f1e08b088b974b4339829461b50d45e3fbc6f808eb On require, index.js runs an IIFE that gates to macOS, skips when CI or GITHUBACTIONS is set, waits 30-90 seconds, and writes a one-shot marker at...

PT-2026-48644

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.0 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description An issue exists where an authenticated user can cause a denial of service on the CI/CD Catalog page...

MAL-2026-5466 Malicious code in getd-eslint-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17328047b2ec8dce82cfbdfd5b16c8f862d51dca26b02c9801587c220a48975a On npm install, postinstall.js collects host identifiers os.hostname, os.userInfo username, os.platform, current working directory, CI environment...

Malicious code in getd-pantallas-cliente (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89a26267435645776aa984be114d5c657e63fa9937ff044e5ddd24943b28ea6e On npm install, postinstall.js collects os.hostname, os.userInfo.username, os.platform, process.cwd, and CI/build environment variables and sends the...

Malicious code in getd-typescript-eslint-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector caed4b0db34232c4ef920817b6087cee9ac0610ec4ec2e49edbb5f167342f42f On npm install, the postinstall.js script collects the installer's hostname, OS username, platform, current working directory, CI environment markers...

Malicious code in getd-ui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcdbf66757b102ed524f01c498adae819b02968aa455f57316f4e08af1fb9ea0 On npm install, postinstall.js runs unconditionally scripts.postinstall = 'node postinstall.js' and sends an HTTPS GET to a hardcoded webhook.site UR...

MAL-2026-5471 Malicious code in getd-ui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcdbf66757b102ed524f01c498adae819b02968aa455f57316f4e08af1fb9ea0 On npm install, postinstall.js runs unconditionally scripts.postinstall = 'node postinstall.js' and sends an HTTPS GET to a hardcoded webhook.site UR...

Malicious code in getui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf281a31a53827497d9a24ff0602f277b568f495a00c14603c3e9bf11a30327a On npm install, postinstall.js issues an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 with query parameters containing the...

Malicious code in getd-content-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44eb41541c340c710ad8afc366ab4642d3809d8d9afef53b99e3704b9dfb684b The unscoped package name 'getd-content-management' impersonates the legitimate @getd/ npm scope acknowledged in the package's own README. On npm...

MAL-2026-5465 Malicious code in getd-content-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44eb41541c340c710ad8afc366ab4642d3809d8d9afef53b99e3704b9dfb684b The unscoped package name 'getd-content-management' impersonates the legitimate @getd/ npm scope acknowledged in the package's own README. On npm...

MAL-2026-5389 Malicious code in @0xlr/stripe-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eda7bf8681a6253ffc4bc965888e45c5374e4ba8d4fe2e17efcd0f227d7ce5e On npm install, postinstall.js enumerates every entry in process.env sorted, bundles it with hostname, username, homedir, cwd, argv, and platform/arc...

MAL-2026-5397 Malicious code in create-docs-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd4381fd77419441a2eefe6b22adef6c9f5adfe1b92be5d071abd5908fdf8647 Package is published at version 9999.99.99 — the canonical high-version override used in dependency-confusion attacks against private/internal packag...