1002 matches found
Malicious code in nodemon-webpatch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b105e115122e719d986bfb11b73b58a67decc47f5a6b609b9f5e3ea496eb43ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5085 Malicious code in web3-config-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc426e6e28603268949be1817881f2269e7b0464c0fd513690f2f77b6637a719 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5068 Malicious code in evmchain-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6d325c67c3edd95dd9b9e24502f3c8d01369606c35e1231231383e34a24b2da7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4833 Malicious code in bulletproof-json (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00849bd08fa4e9ebb1877039ab1ff287fd0ab89a683a45229176f717b6db1e9d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in motion-ui-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21ddce58f1bde22bf0563aee5f71aefe48c82ad61076557935bf8fff16eb9df3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4312 Malicious code in explorhub-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9788bd481519def1387f4eccde46e4e6fbb3d8acc8e6b181397f299581d9a174 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in string-manipulation-typescript (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bed3d44d42fd732fc0b3ec3b59c8c75fea479f97b78de4982c5b75bafd9af25 The package string-manipulation-typescript was found to contain malicious code. Source: ghsa-malware...
Malicious code in babel-6-compatibility (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8087b9d84c49b5f44fe119e347d1fe658395eb8af859209bcf8884716692229d The package babel-6-compatibility was found to contain malicious code. Source: ghsa-malware...
Malicious code in @supersurkhet/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3219a7aa4b5f19cda44ae4217d0cf1d596988bd05ea1645b489ec579c50bcf17 The package @supersurkhet/cli was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3460 Malicious code in @tanstack/arktype-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00740c1707de87fdde677d596049a754c3269e6b54875d76eb4934a1368b7112 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in frank-newton3-user-hunt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3d2188a1bfb704f499669b386b4268ab26fb46de37022d5b91df575521fcf81 The package frank-newton3-user-hunt was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3170 Malicious code in frank-newton3-db-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c57962acb9140cd99fb10338da13df89a6af2a7da30694456df2bc151acd247 The package frank-newton3-db-poc was found to contain malicious code. Source: ghsa-malware...
PT-2026-35502
Name of the Vulnerable Software and Affected Versions Cilium versions prior to 1.17.15 Cilium versions 1.18.0 through 1.18.8 Cilium versions 1.19.0 through 1.19.2 Description When run against deployments with WireGuard encryption enabled, the output of the cilium-bugtool debugging tool can contai...
LiteLLM: Server-Side Template Injection in /prompts/test endpoint
Impact The POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the LiteLLM Proxy process. The endpoint only checks that the caller presents a valid proxy API key, so any authenticated user cou...
MAL-2026-2935 Malicious code in @tushar-br/desktop (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c25eb4a54e706177aecf51b4124524e6e7d0534b02d9b8e6970169a9df8189ef The package @tushar-br/desktop was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2318 Malicious code in @logcore/pino-pretty-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a729cc1811bd1bc1fa94404ad4bcd8376c1a29b90311fd2a89efecff51fe592 The package @logcore/pino-pretty-logger was found to contain malicious code. Source: ghsa-malware...
Malicious code in @emilgroup/gdv-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c4f423945b0d9a114bae821ae46ab06d9850ba5611917eb80d940c47771e3ed The package @emilgroup/gdv-sdk-node was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1956 Malicious code in llmstash (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28c72133178ff53e9c15a1fa3dd94cb2c3b3baf027cd8e18f4b5eaa12674a051 The package llmstash was found to contain malicious code. Source: ghsa-malware c3fb84b88ae3519c2312fd93ad4ffb2dfc9314704ce1a2f67643c29b6bacb17c Any...
Malicious code in graphlib-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fc5e5e2ae1439a28be92e99758c3253bf2bd09a568712a5d0725553b4836eaf The package graphlib-js was found to contain malicious code. Source: ghsa-malware 375768659fc55b18acf652226fabd9052c10c4f88d36f150317532bc8661df13 An...
Malicious code in changelog-logger-wrapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e07f02cb66d1d05ebc1ce27c24e2a54922ecfdc8a1fba1117fc8b305026621ad The package changelog-logger-wrapper was found to contain malicious code. Source: ghsa-malware...