Lucene search
K

10 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 6:19 a.m.7 views

Malicious code in node-core-libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33f74e3f73fd5580ecf994b7db0349ee540754d65d4467b8b04b8c79e3d257b scripts/postinstall.js runs automatically on npm install Windows only and behaves as a classic install-time dropper. It XOR-decodes key 0x5A a...

6.4AI score
Exploits0References3
OSV
OSV
added 2026/06/23 6:19 a.m.7 views

MAL-2026-6276 Malicious code in node-core-libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33f74e3f73fd5580ecf994b7db0349ee540754d65d4467b8b04b8c79e3d257b scripts/postinstall.js runs automatically on npm install Windows only and behaves as a classic install-time dropper. It XOR-decodes key 0x5A a...

6.4AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 9:52 p.m.2 views

Insertion of Sensitive Information Into Sent Data

Overview @sentry/node-core is a Sentry Node-Core SDK Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the sendDefaultPii configuration option. An attacker can gain access to sensitive HTTP headers, such as authentication cookies, by viewing...

7.2CVSS6.9AI score0.00298EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in httpeace-node-core (npm)

The package httpeace-node-core was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-22764 Malicious code in httpeace-node-core (npm)

The package httpeace-node-core was found to contain malicious code...

7.2AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/04/10 3:9 a.m.7 views

org.webjars.npm:class-validator (>=0.8.5 <=0.14.0), org.webjars.npm:image-thumbnail (=1.0.15) +8 more potentially affected by CVE-2025-56200 via org.webjars.npm:validator (>=10.11.0 <=9.2.0)

org.webjars.npm:validator MAVEN version =10.11.0, =0.8.5, =3.1.2, =3.18.2, =3.25.1 Source cves: CVE-2025-56200 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14102004...

6.1CVSS5.8AI score0.00302EPSS
Exploits1
CNNVD
CNNVD
added 2021/08/11 12:0 a.m.3 views

node core 资源管理错误漏洞

node core is a Node.js server-side infrastructure framework based on Egg.js. Node Core suffers from a Resource Management Error vulnerability. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...

7.5CVSS7AI score0.13861EPSS
Exploits0References33
CNNVD
CNNVD
added 2021/08/11 12:0 a.m.3 views

node core 信任管理问题漏洞

node core is a Node.js server-side infrastructure framework based on Egg.js. Node Core is vulnerable to a trust management issue. No information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor announcements...

5.3CVSS7AI score0.1473EPSS
Exploits1References31
CNNVD
CNNVD
added 2021/08/11 12:0 a.m.2 views

node core 输入验证错误漏洞

node core is a Node.js server-side infrastructure framework based on Egg.js. An input validation error vulnerability exists in Node Core. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the vendor announcement...

9.8CVSS7AI score0.21952EPSS
Exploits1References34
vulnersOsv
vulnersOsv
added 2019/02/18 11:54 p.m.5 views

collectortoqueue (>=1.2.10 <=1.2.26), gladys (>=2.1.5 <=2.1.9) +13 more potentially affected by CVE-2016-10551 via waterline-sequel (>=0.0.21 <=0.4.0)

waterline-sequel NPM version =0.0.21, =1.2.10, =2.1.5, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =0.0.1, =0.10.1, =0.0.1, =0.10.1, =0.7.3, =1.0.0-alpha.0, =0.1.0, =0.4.8 Source cves: CVE-2016-10551 Source advisory: OSV:GHSA-CGPP-WM2H-6HQX...

9.8CVSS7.3AI score0.01825EPSS
Exploits1
Rows per page
Query Builder