EUVD-2026-32025

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

MAL-2026-4819 Malicious code in token-me-uk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a058b653e7a491fdf0c9128b4d2d408c2cdac6a1784adc5f02a0975a0e669eb The CLI in cli.mjs reads its API key from process.env.TOKENMEUKAPIKEY, falling back to process.env.OPENAIAPIKEY and then process.env.ANTHROPICAPIKEY...

Malicious code in token-me-uk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a058b653e7a491fdf0c9128b4d2d408c2cdac6a1784adc5f02a0975a0e669eb The CLI in cli.mjs reads its API key from process.env.TOKENMEUKAPIKEY, falling back to process.env.OPENAIAPIKEY and then process.env.ANTHROPICAPIKEY...

Malicious code in @iola_adm/iola-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e28a7ca88c4000d6efee1c0e324c8f28bebf03ef988e2ac3aa437857f34ee08 src/cli.js contains a hardcoded endpoint https://apiiola.yasg.ru referenced multiple times lines 1, 2, 198 and invoked via fetch at line 256, in code...

Malicious code in test-nonmal-pkg-5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f52d81c9285fd103cfe5f8dc724c173c1b4e57e96cd56313cec119fbbbc9982 index.js is hex-name-obfuscated 0x-style string array and, on require, enumerates the entire process.env via Object.keysprocess.env into a snapshot...

Malicious code in weavedb-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 469844df44557b10f865edf7d3d000fd90c901c6a42cc5402116247dca1528f0 package.json declares "preinstall": "./scripts/postbuild". The referenced file is not a script but a 976,568-byte UPX-packed Linux x86-64 ELF binary...

MAL-2026-4613 Malicious code in monade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32631bc0128011d7e526d2665460d2e4562c2d50602e38218e2ad3078635726a [email protected] advertises itself as a JavaScript monad/flow utility library cjs/index.js exports flow, of, opt, ka, dev, yet ships a 976KB UPX-packed...

Malicious code in weavedb-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59e557cd0501bb17925a19c5d3525fdf18f286b21750a44c0164eb7e165f55d9 package.json declares "preinstall": "./dist/runtime.node", causing npm to execute a 976 KB packed binary on every install. The file uses the .node...

MAL-2026-4725 Malicious code in weavedb-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59e557cd0501bb17925a19c5d3525fdf18f286b21750a44c0164eb7e165f55d9 package.json declares "preinstall": "./dist/runtime.node", causing npm to execute a 976 KB packed binary on every install. The file uses the .node...

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contain security vulnerabilities. These vulnerabilities stem from the lack of validation or cleaning of IP address variables in the...

Malicious code in etherproxy-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5756836b470f645f316696cbaedb1aedc21cde7fc921714bfbf70f2d528ad5b4 The bundled dist/index.js reads process.env values and posts data to https://api.telegram.org via a hardcoded fetch call line 97, with additional...

Malicious code in skills-detector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 844190b21455d308d6e2b5305ebe92634d80b55817290a84644a1048df0e54b3 On npm install, postinstall.js executes whoami and id via childprocess.execSync, collects os.hostname, os.platform, current working directory, and th...

Malicious code in @databus-service-ui/scroll-up-content (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02414b019347c91f59a506d88dffc19306c7c287936df0d42327ad6b32eb0bf2 scripts/postinstall.js performs two independent attacker-benefit actions when npm install runs. First, it scrapes installer-side secrets — environmen...

MAL-2026-4378 Malicious code in @databus-service-ui/scroll-up-content (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02414b019347c91f59a506d88dffc19306c7c287936df0d42327ad6b32eb0bf2 scripts/postinstall.js performs two independent attacker-benefit actions when npm install runs. First, it scrapes installer-side secrets — environmen...

Malicious code in wml-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46afe229d6efe1ef10d025302ed21e5c2c44bdd772c8fbb28d037cb1215c84ba [email protected] is a dependency-confusion package targeting an internal wml- namespace, published with an inflated version 99.0.1 to win npm resoluti...

MAL-2026-4731 Malicious code in wml-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46afe229d6efe1ef10d025302ed21e5c2c44bdd772c8fbb28d037cb1215c84ba [email protected] is a dependency-confusion package targeting an internal wml- namespace, published with an inflated version 99.0.1 to win npm resoluti...

MAL-2026-4641 Malicious code in platform-tempo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d1c69e098c3ebeb2876b746523bea0220034b429f58e0a55683f0ee2c8776cd [email protected] declares a preinstall hook that runs poc.js on every npm install. The script collects host identity os.hostname, whoami /all /...

Malicious code in platform-tempo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d1c69e098c3ebeb2876b746523bea0220034b429f58e0a55683f0ee2c8776cd [email protected] declares a preinstall hook that runs poc.js on every npm install. The script collects host identity os.hostname, whoami /all /...

MAL-2026-4587 Malicious code in intl-ads (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7e29be11c53c137c2a24258ae423cf422fefcaad06183d67aa5c895a8fe4801 On npm install, the package's scripts.preinstall runs poc.js which collects hostname, username, full network configuration ipconfig/ip a/resolv.conf,...

Malicious code in tempo-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 795bf7080d27cef141114dd46b5734c136f762933a43f2d1308e82547c5f99a6 [email protected] ships a preinstall hook poc.js that unconditionally collects host identity os.hostname, whoami, id, network configuration...