260 matches found
MAL-2024-12183 Malicious code in interview-question (npm)
This package has a preinstall script to download an execute a Go-variant of the Cobalt Strike beacon...
Malicious code in bs-auto-dark-mode (npm)
This package has a preinstall script to download an execute a Go-variant of the Cobalt Strike beacon. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8a5c6958e14a49e20ebdd6902cdb4cad7872983ed4d39e94b625cc50a20314ac The OpenSSF Package Analysis project...
SUSE CVE-2015-0296
The pre-install script in texlive 3.1.20140525r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory...
Malicious Package
rc is a malicious package. The package contains a preinstall script that would execute malicious Javascript code to steal passwords from various applications...
Malicious Package
coa is a malicious package. The package contains a preinstall script that would execute malicious Javascript code to steal passwords from various applications...
DEBIAN-CVE-2021-39135
@npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...
ALPINE-CVE-2021-39135
@npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...
Malicious Package
Overview acookie is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the acookie package. Credit: Snyk Research...
Malicious Package
Overview vscode-npm-script is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the vscode-npm-script package. Credit: Snyk Research...
Malicious Package
Overview firebase-extensions is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the firebase-extensions package. Credit: Snyk Research...
Malicious Package
Overview rcenodejs is a malicious package. It uses a preinstall script to execute a reverse shell. Remediation Avoid using all malicious instances of the rcenodejs package. Credit: Snyk Research...
Malicious Package
Overview paychex-framework-forms is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the paychex-framework-forms package. Credit: Snyk Research...
Malicious Package
Overview paychex-framework is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the paychex-framework package. Credit: Snyk Research...
Malicious Package
Overview paychex-common-npm is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the paychex-common-npm package. Credit: Snyk Research...
Malicious Package
Overview paychex-framework-approvals is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the paychex-framework-approvals package. Credit: Snyk Research...
Malicious Package
Overview paychex-framework-core-ui is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the paychex-framework-core-ui package. Credit: Snyk Research...
Malicious Package
loadyaml is a malicious package. The package exfiltrates IP, IP-based geolocation, home directory name, and local username through a preinstall script during installation...
Malicious Package
electorn is a malicious package. The package exfiltrates IP, IP-based geolocation, home directory name, and local username through a preinstall script during installation...
Malicious code in `loadyaml`
npm packages loadyaml and electorn were removed from the npm registry for containing malicious code. Upon installation the package runs a preinstall script that writes a public comment on GitHub containing the following information: - IP and IP-based geolocation - home directory name - local...
Malicious Package
Overview loadyaml was removed from the npm registry for containing malicious code. Upon installation the package runs a preinstall script that writes a public comment on GitHub containing the following information: - IP and IP-based geolocation - home directory name - local username Recommendatio...