CVE-2017-16075

CVE-2017-16075 corresponds to the http-proxy.js package that was published as malware with the intent to hijack environment variables and exfiltrate them to attacker-controlled locations. The npm advisory and related records note that all versions were unpublished from the npm registry. Connected...

CVE-2017-16067

node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16069

The CVE-2017-16069 case concerns the nodeffmpeg package, identified as malware that hijacks and exfiltrates environment variables. Several sources (npm advisory, GitHub advisory, OSV) confirm that nodeffmpeg was published as malicious, with all versions unpublished from the npm registry, and that...

CVE-2017-16070

nodecaffe is a malware package published to hijack environment variables and exfiltrate them to attacker-controlled locations. The npm-hosted module has been unpublished across all versions. Affected context from the provided documents shows malware behavior and cleanup guidance: remove the packa...

CloudBees Jenkins Kubernetes Plugin Information Disclosure Vulnerability

CloudBees Jenkins is a set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version release/testing projects and some timed tasks.Kubernetes Plugin is one of the dynamically configured using the Kubernetes cluster Jenkins agents The...

Malicious Typo-Squatting

D3.js was a malicious module as it is developed to hijack environment variables and send it to attacker’s controlled location...

Malicious Module

nodefabric was a malicious module as it is developed to hijack environment variables...

Malicious Module

node-sqlite was a malicious module as it is developed to hijack environment variables and send it to attacker's controlled location...

Malicious Typo-Squatting

fabric-js is a malicious typo-squatter package. The packages uses a similar name to a legitimate library so that developers may mistake it for the real one but executes malicious actions under the hood such as stealing environment variables upon installation...

Malicious Typo-Squatting

sqlite.js is a malicious typo-squatters. The package uses a similar name to another library so that developers may mistake it for a legitimate package but executes malicious actions under the hood such as stealing environment variables on installation...

Malicious Typo-Squatting

mariadb is a malicious typo-squatted package. The package uses a similar name to another library so that developers may mistake it for a legitimate package but executes malicious actions under the hood such as stealing environment variables on installation...

Malicious Typo-Squatting

sqlserver is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake them for the real one but have malicious actions under the hood such as stealing environment variables...

Malicious Typo-Squatting

node-fabric is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake them for the real one but have malicious actions under the hood such as stealing environment variables...

Malicious Typo-Squatting

nodesqlite is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake them for the real one but have malicious actions under the hood such as stealing environment variables...

Malicious Typo-Squatting

jquery.js is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake them for the real one but have malicious actions under the hood such as stealing environment variables...

CVE-2017-16046

mariadb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16053

fabric-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16054

nodefabric was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16052

node-fabric was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16048

node-sqlite was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...