4 matches found
Malicious code in rstreams-shard-util (npm)
The rstreams-shard-util npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
gryph 安全漏洞
Gryph is an AI-based coding proxy activity auditing and debugging tool developed by SafeDep. Versions of Gryph prior to 0.7.0 contained security vulnerabilities. These vulnerabilities stemmed from the default log level being set to standard rather than minimum. As a result, sensitive file write...
GO-2025-3986 vet MCP Server SSE Transport DNS Rebinding Vulnerability in github.com/safedep/vet
vet MCP Server SSE Transport DNS Rebinding Vulnerability in github.com/safedep/vet...
SafeDep 安全漏洞
SafeDep is an open source package from SafeDep that prevents malicious open source. A security vulnerability exists in SafeDep version 1.12.4 and earlier, which stems from a lack of HTTP Host and Origin header validation and could lead to a DNS rebinding attack...