EUVD-2025-41742

Malicious code in telegram-travis-api npm...

Malicious Package

Overview telegram-travis-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2025-50731 Malicious code in telegram-travis-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f21c0fea0fd00ecd7a983e99a6525746ac36f46a54288cb02a5c9aa852f2d4ac The package telegram-travis-api was found to contain malicious code. Source: ghsa-malware...

Malicious code in telegram-travis-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f21c0fea0fd00ecd7a983e99a6525746ac36f46a54288cb02a5c9aa852f2d4ac The package telegram-travis-api was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-9241

Malicious code in bioql PyPI...

EUVD-2021-28228

Malicious code in bioql PyPI...

osx-security-awesome

It is an offensive tool for collecting and categorizing OSX and iOS security resources. The primary CVE ID is not present in the provided context. The target product/service or framework is not explicitly stated, but the tool appears to be collecting resources related to OSX and iOS security. The...

CVE-2021-41077

The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file. In particular, the desired behavior if .travis.yml has been created locally by a customer, and...

CVE-2019-10380

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...

CVE-2025-31786

Missing Authorization vulnerability in Travis Simple Icons simple-icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Icons: from n/a through = 2.8.4...

CVE-2025-31786

Missing Authorization vulnerability in Travis Simple Icons simple-icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Icons: from n/a through = 2.8.4...

PT-2025-14172 · Unknown · Travis Simple Icons

Name of the Vulnerable Software and Affected Versions: Travis Simple Icons versions through 2.8.4 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions through 2.8.4,...

ARM多款产品 安全漏洞

The ARM Cortex-A77, among others, is a central processing unit from the British company ARM. A security vulnerability exists in various Arm products, which stems from the possibility that memory accesses may be incorrectly converted. The following products are affected: ARM Cortex-A77, ARM...

travismanion.org Cross Site Scripting vulnerability OBB-3827359

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Malicious Package

Overview sample-travis-ci is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

Malicious code in sample-travis-ci (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 568970137987e9314235b38ecb7007db2b4db3023f6eaf1cacb92983e90f3613 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-5921 Malicious code in sample-travis-ci (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 568970137987e9314235b38ecb7007db2b4db3023f6eaf1cacb92983e90f3613 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

cargo-travis (>=0.0.10 <=0.0.11), cargo-travis-fork (>=0.0.11 <=0.0.12) potentially affected by unknown CVE via badge (>=0.2.0 <=0.3.0)

badge CARGO version =0.2.0, =0.0.10, =0.0.11, =0.0.12 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0057...

projects.travisluong.com Cross Site Scripting vulnerability OBB-2662642

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens

An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs o...