
10 matches found

OSSF Malicious Packages
added 2026/06/09 5:27 p.m., 9 views

Malicious code in tivo-codelib-a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c187e845e4c0d637709021a287c758e0206cb7adc46517391df4724d8af8cb7 [email protected] is an empty-stub npm package whose index.js exports module.exports = and whose package metadata description, author is blank. I...

AI score: 5.7
Exploits: 0, References: 1
OSV
added 2026/06/09 5:25 p.m., 20 views

MAL-2026-5431 Malicious code in @webd-infra/query-designer-domain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c7713f23c6a0044172532693bc43aee0d785a980fc5c83ba1f773af9082e3b3 The package's package.json declares its only dependency ltidisafe as a direct tarball URL:...

AI score: 5.6
Exploits: 0, References: 1
EUVD
added 2026/05/09 3:48 a.m., 10 views

EUVD-2026-28893

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

CVSS: 8.5, AI score: 5.7, EPSS: 0.00357
Exploits: 1, References: 2
Snyk
added 2026/05/05 3:33 p.m., 5 views

Malicious Package

Overview google-storage-cloud is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS: 9.8, AI score: 5.8
Exploits: 0, References: 2
OSV
added 2026/04/29 2:0 p.m., 4 views

MAL-2026-3260 Malicious code in google-storage-cloud (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

AI score: 5.9
Exploits: 0, References: 1
OSV
added 2025/08/14 6:52 p.m., 4 views

MAL-2025-7941 Malicious code in @frozen-team/deploy-to-gcs (npm)

The package @frozen-team/deploy-to-gcs was found to contain malicious code...

AI score: 7.2
Exploits: 0
vulnersOsv
added 2022/05/24 4:58 p.m., 3 views

org.jenkins-ci.plugins:google-storage-plugin (>=0.1 <=0.4) potentially affected by CVE-2019-10436 via org.jenkins-ci.plugins:google-oauth-plugin (=0.1)

org.jenkins-ci.plugins:google-oauth-plugin MAVEN version =0.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:google-oauth-plugin and may be impacted: - org.jenkins-ci.plugins:google-storage-plugin =0.1, =0.4 Source cves:...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00989
Exploits: 0
Hacker One
added 2021/11/12 12:2 p.m., 25 views

Kubernetes: Google storage bucket takeover which is used to load JS file in dashboard.html in "github.com/kubernetes/release" which can lead to XSS

Report Submission Form Summary: Kubernetes has a GitHub repository, github.com/kubernetes/release. In the repository there is code for a dashboard. The dashboard has an HTML file, dashboard.html, which uses a JS file from a Google storage bucket. The bucket was not registered on Google Cloud. So I...

AI score: 6.2
Exploits: 0
Kitploit
added 2019/11/11 1:0 p.m., 31 views

GCPBucketBrute - A Script To Enumerate Google Storage Buckets, Determine What Access You Have To Them, And Determine If They Can Be Privilege Escalated

A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated. This script optionally accepts GCP user/service account credentials and a keyword. Then, a list of permutations will be generated from that keyword which will th...

AI score: 7.3
Exploits: 0, References: 2
Hacker One
added 2018/08/31 6:58 p.m., 20 views

Basecamp: Attachments may be hijacked via AppCache+CookieBombing trick (bc3_production_blobs bucket)

Basecamp attachments are stored in the bc3_production_blobs bucket in the root directory and can be served with text/html content-type...

AI score: 0.3
Exploits: 0