Lucene search
+L

41 matches found

thn
thn
added 2026/06/11 6:23 a.m.23 views

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code...

6.6AI score
Exploits0
ptsecurity
ptsecurity
added 2026/05/15 12:0 a.m.15 views

PT-2026-41316

Name of the Vulnerable Software and Affected Versions Microsoft APM versions 0.5.4 through 0.12.4 Description Two primitive integrators in apm-cli use Path.glob and Path.rglob to enumerate package files and Path.read text to read matches, which transparently follows symbolic links. A symlink with...

7.4CVSS5.8AI score0.00654EPSS
Exploits0References13
cnnvd
cnnvd
added 2026/05/15 12:0 a.m.15 views

APM – Agent Package Manager 后置链接漏洞

APM – Agent Package Manager is an open-source AI-based dependency management tool developed by Microsoft. In versions 0.5.4 to 0.12.4 of APM, there was a post-link vulnerability. This vulnerability stemmed from calls to functions like Path.glob and Path.rglob, which followed symbolic links. As a...

7.4CVSS5.8AI score0.00654EPSS
Exploits0References1
snyk
snyk
added 2026/03/12 4:23 p.m.7 views

Malicious Package

Overview vitest-globals is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The packa...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.3 views

Malicious Package

Overview syntax-class-constructor-call is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.6 views

Malicious Package

Overview relay-optimizer-plugin is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior T...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.5 views

Malicious Package

Overview developit is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The package us...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.9 views

Malicious Package

Overview declaration-block-no-ignored-properties is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.5 views

Malicious Package

Overview todo-plz is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The package use...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.12 views

Malicious Package

Overview modules-umd-systemjs is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.7 views

Malicious Package

Overview vue-scoped-css is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The packa...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.5 views

Malicious Package

Overview transform-property-literals is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.8 views

Malicious Package

Overview typescript-vue-apollo-smart-ops is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.5 views

Malicious Package

Overview @storylane/uikit is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.3 views

Malicious Package

Overview transform-export-extensions is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.15 views

Malicious Package

Overview no-type-assertion is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.7 views

Malicious Package

Overview transform-json-strings is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior T...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.4 views

Malicious Package

Overview transform-es2015-duplicate-keys is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.4 views

Malicious Package

Overview @storylane/shared-packages is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavi...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.6 views

Malicious Package

Overview syntax-export-extensions is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior...

9.8CVSS5.9AI score
Exploits0References3
Rows per page
Query Builder