400 matches found
CVE-2026-6621 1024bit extend-deep index.js prototype pollution
A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...
extend-deep 安全漏洞
extend-deep is a JavaScript library developed by Hangga, designed for deeply recursive object merging. Versions of extend-deep 0.1.6 and earlier contained a security vulnerability, which stemmed from improper handling of the proto parameter in the index.js file. This vulnerability could lead to...
Malicious code in tombac-chronos (npm)
Suspicious install script executing index.js and an untrustworthy author email domain sl4x0.xyz strongly suggest this package is malware. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69e040ef4bdedbed143a5a8d1a1bb0389fa07848772a87c03da1c67557ced13e The package...
Malicious code in oc-aa-module-client (npm)
Multiple pieces of evidence suggest malicious intent: hex obfuscation, dynamic code execution, suspicious email, and install script executing index.js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ff9a96329ad67bbc8f97ec7686f7f6a8f1b94bb76be3f8f48671cafde13fc...
MAL-2026-2415 Malicious code in oc-aa-module-client (npm)
Multiple pieces of evidence suggest malicious intent: hex obfuscation, dynamic code execution, suspicious email, and install script executing index.js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ff9a96329ad67bbc8f97ec7686f7f6a8f1b94bb76be3f8f48671cafde13fc...
Malicious code in rtxbbtyols (npm)
Package collects and exfiltrates sensitive info to oastify.com via HTTP in both index.js and setup.py with silent error handling. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a545131c0d6f2f8be5e52e2d51ba1ca4bc79095868f4b3c8169744110c68ecd The package...
MAL-2026-1027 Malicious code in rtxbbtyols (npm)
Package collects and exfiltrates sensitive info to oastify.com via HTTP in both index.js and setup.py with silent error handling. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a545131c0d6f2f8be5e52e2d51ba1ca4bc79095868f4b3c8169744110c68ecd The package...
SUSE CVE-2025-61140
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...
GHSA-6C59-MWGH-R2X6 JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...
JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...
EUVD-2025-206486
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...
CVE-2025-61140
The CVE-2025-61140 entry concerns jsonpath version 1.1.1, where the value function in lib/index.js is vulnerable to Prototype Pollution. This is documented across multiple sources (GitHub advisory, OSV/NVD entries, and Red Hat advisories) and is categorized with a critical CVSS score. The vulnera...
EUVD-2021-0600
Malware in sbrugna...
EUVD-2020-20886
Malware in sbrugna...
EUVD-2018-0155
Malware in sbrugna...
EUVD-2019-6530
Malware in sbrugna...
EUVD-2020-0628
Malware in sbrugna...
EUVD-2018-8829
Malware in sbrugna...
EUVD-2021-1397
Malware in sbrugna...
Unity Linux 20.1070e Security Update: nodejs-brace-expansion (UTSA-2025-984691)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984691 advisory. A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function...