CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Github Security Blog•added 2020/09/11 9:16 p.m.•45 views

Malicious Package in test-module-a

1AI score

OSV•added 2020/09/03 9:9 p.m.•12 views

GHSA-725F-3PW7-RQ6X Malicious Package in 8.9.4

Versions 1.0.2, 1.0.3, 1.0.4 and 1.0.5 of 8.9.4 contain malicious code as a preinstall script. The package reads the system's SSH keys but does not upload it to a remote server. Recommendation Remove the package from your environment. There is no evidence of further compromise at the moment...

9.8CVSS7.4AI score

Github Security Blog•added 2020/09/03 9:9 p.m.•18 views

Malicious Package in 8.9.4

4.2AI score

Github Security Blog•added 2020/09/03 9:8 p.m.•21 views

Malicious Package in ember_cli_babe

Version 6.16.0 of emberclibabe contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens a...

3.9AI score

OSV•added 2020/09/03 9:6 p.m.•10 views

GHSA-F7G4-FM4C-54M9 Malicious Package in yeoman-genrator

Version 2.0.2 of yoeman-generator contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens a...

Github Security Blog•added 2020/09/03 9:3 p.m.•23 views

Malicious Package in log-symboles

Version 2.1.0 of log-symboles contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens a backdoo...

3.9AI score

OSV•added 2020/09/03 6:12 p.m.•11 views

GHSA-QFC9-X7GV-27JR Malicious Package in deasyncp

All versions of deasyncp contain malicious code. The package shuts down the machine upon installation as a preinstall script. Recommendation Remove the package from your environment. There is no further compromise...

9.8CVSS7.1AI score

Github Security Blog•added 2020/09/03 6:12 p.m.•8 views

Malicious Package in deasyncp

3.1AI score

Github Security Blog•added 2020/09/03 6:11 p.m.•13 views

Malicious Package in sdfjghlkfjdshlkjdhsfg

All versions of sdfjghlkfjdshlkjdhsfg contain malicious code. The package is essentially a worm that fetches all packages owned by the user, adds a script to self-replicate as a preinstall script and publishes a new version. Recommendation Remove the package from your environment and ensure all...

4.5AI score

OSV•added 2020/09/03 3:53 p.m.•7 views

GHSA-VV52-3MRP-455M Malicious Package in m-backdoor

All versions of m-backdoor contain malicious code. The package downloads a file from a remote server and executes it as a preinstall script. At the time of the release of this advisory the downloaded file only defaces websites by removing elements randomly from the DOM. Recommendation Remove the...

7.2AI score

Github Security Blog•added 2020/09/03 3:53 p.m.•18 views

Malicious Package in m-backdoor

5.1AI score

OSV•added 2020/09/02 9:46 p.m.•10 views

GHSA-8HQ2-FCQM-39HQ Malicious Package in rimrafall

Version 1.0.0 of rimrafall contains malicious code as a preinstall script. The package attempts to remove all files in the system's root folder. Recommendation If you installed this package it is likely your machine was erased. If not, remove the package from your system and verify if any files...

9.8CVSS7.2AI score

Github Security Blog•added 2020/09/02 9:46 p.m.•29 views

Malicious Package in rimrafall

4.1AI score

Github Security Blog•added 2020/09/02 9:42 p.m.•35 views

Malicious Package in tensorplow

All versions of tensorplow contain malicious code as a preinstall script. When installed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secret...

3.1AI score

OSV•added 2020/09/02 9:41 p.m.•13 views

GHSA-QJ3G-WFR7-3CV7 Malicious Package in require-ports

Version 10.4.0 of require-ports contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens a...

OSV•added 2020/09/02 9:40 p.m.•10 views

GHSA-VCG5-9XW6-R56C Malicious Package in logsymbles

Version 2.2.0 of logsymbles contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens a backdoor...

Github Security Blog•added 2020/09/02 9:40 p.m.•30 views

Malicious Package in logsymbles

3.8AI score

Github Security Blog•added 2020/09/02 9:39 p.m.•25 views

Malicious Package in jquerz

Version 1.0.1 of jquerz contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens a backdoor...

3.8AI score

OSV•added 2020/09/02 9:39 p.m.•9 views

GHSA-C6F3-3C98-2J2F Malicious Package in jquerz