Lucene search

12 matches found

OSSF Malicious Packages
added 2026/05/24 5:15 p.m., 8 views

Malicious code in vite-plugin-css-blend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a47fa75fbd028d1aca89ca790036f760c76d8e486175505ef4a8f59f33e7c76 The package is published as a Vite CSS plugin but exposes no Vite plugin API. Its documented applyGlobalStylespalette, accents export, when called on...

AI score: 6
Exploits: 0, References: 1
EUVD
added 2026/01/16 3:49 p.m., 3 views

EUVD-2026-2936

Deno node:crypto doesn't finalize cipher...

CVSS: 9.2, AI score: 6.4, EPSS: 0.0001
Exploits: 1, References: 4
Cvelist
added 2026/01/15 10:53 p.m., 21 views

CVE-2026-22863 Deno node:crypto doesn't finalize cipher

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...

CVSS: 9.2, EPSS: 0.0001
Exploits: 1, References: 2
OSV
added 2026/01/15 10:53 p.m., 3 views

CVE-2026-22863 Deno node:crypto doesn't finalize cipher

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...

CVSS: 9.2, AI score: 6.7, EPSS: 0.0001
Exploits: 1, References: 4
CNNVD
added 2026/01/15 12:0 a.m., 1 view

Deno security vulnerabilities

Deno is a simple, modern, and secure JavaScript and TypeScript runtime environment developed by Deno itself. Versions of Deno prior to 2.6.0 contained a security vulnerability caused by node:crypto failing to perform password encryption properly, which could lead to infinite encryption attacks...

CVSS: 9.2, AI score: 5.8, EPSS: 0.0001
Exploits: 1, References: 2
Positive Technologies
added 2026/01/15 12:0 a.m., 3 views

PT-2026-3145

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.6.0 Description Deno is a JavaScript, TypeScript, and WebAssembly runtime. A flaw in the node:crypto polyfill allows cryptographic handles to persist beyond their intended lifespan. This results in the possibility of...

CVSS: 9.2, AI score: 5.3, EPSS: 0.0001
Exploits: 1, References: 16
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-0629

Malicious code in bioql PyPI...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00455
Exploits: 0, References: 4
OSV
added 2025/05/21 7:29 a.m., 1 view

MAL-2025-4108 Malicious code in node-crypto-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cad7476ddf9290a5b4fa0e038b37e2133e0f5e5495e71bc825b1baf99d4e82f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/05/21 7:29 a.m., 2 views

Malicious code in node-crypto-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cad7476ddf9290a5b4fa0e038b37e2133e0f5e5495e71bc825b1baf99d4e82f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/05/16 4:14 a.m., 2 views

Malicious code in node-crypto-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d77d3f937a0c6f4071e5688241c3222eeb62c0033c93c981570e554400b14d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1
OSV
added 2025/05/16 4:14 a.m., 1 view

MAL-2025-3908 Malicious code in node-crypto-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d77d3f937a0c6f4071e5688241c3222eeb62c0033c93c981570e554400b14d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1
Github Security Blog
added 2023/02/16 6:44 p.m., 23 views

Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)

Description: When using the non-default "fallback" crypto back-end, ECC operations in node-jose can trigger a Denial-of-Service (DoS) condition, due to a possible infinite loop in an internal calculation. For some ECC operations, this condition is triggered randomly; for others, it can be triggered ...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00455
Exploits: 0, References: 4, Affected Software: 1