30 matches found
EUVD-2025-40719
Malicious code in adyen-web-v5 npm...
Malicious code in adyen-web-v5 (npm)
Source: amazon-inspector 25b6c05640ee26217a85a428224b5a1a72790f5efec2d036828cb3cda0afa5ab The package adyen-web-v5 was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded npm...
MAL-2025-50757 Malicious code in adyen-web-v5 (npm)
Source: amazon-inspector 25b6c05640ee26217a85a428224b5a1a72790f5efec2d036828cb3cda0afa5ab The package adyen-web-v5 was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded npm...
EUVD-2023-36924
Malicious code in bioql PyPI...
MAL-2025-14125 Malicious code in adyen-cse-js-2mundos (npm)
The package adyen-cse-js-2mundos was found to contain malicious code...
Malicious code in adyen-cse-js-2mundos (npm)
The package adyen-cse-js-2mundos was found to contain malicious code...
CVE-2023-32694
Saleor Core is a composable, headless commerce API. Saleor's validate_hmac_signature function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events, this could...
MAL-2025-2161 Malicious code in adyen-web-main (npm)
Source: ghsa-malware b3cd36b7d736b57d0d4d4a6489ac6362b0ac4e74f3431e76302256745de7e745 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in adyen-web-main (npm)
Source: ghsa-malware b3cd36b7d736b57d0d4d4a6489ac6362b0ac4e74f3431e76302256745de7e745 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-F3Q4-GGFP-JV34 Adyen APIs Library for Python timing attack vulnerability
Adyen has utility methods for validating notification HMAC signatures. The is_valid_hmac and is_valid_hmac_notification methods are vulnerable to a timing attack, you should compare the hash of the HMACs instead...
Adyen APIs Library for Python timing attack vulnerability
Adyen has utility methods for validating notification HMAC signatures. The is_valid_hmac and is_valid_hmac_notification methods are vulnerable to a timing attack, you should compare the hash of the HMACs instead...
Adyen APIs Library for Python timing attack vulnerability
Adyen has utility methods for validating notification HMAC signatures. The is_valid_hmac and is_valid_hmac_notification methods are vulnerable to a timing attack, you should compare the hash of the HMACs instead...
@adyen/adyen-salesforce-pwa (>=1.0.0 <=1.2.0), @argodigital/formula-request (>=1.0.0 <=1.1.1) +135 more potentially affected by CVE-2024-34273 via njwt (>=0.0.1 <=2.0.0)
njwt NPM version =0.0.1, =1.0.0, =1.0.0, =0.10.1, =0.1.1, =0.1.0, =0.1.0, =0.2.0, =1.0.0, =1.1.0, =0.0.1, =1.0.0, =1.1.25 - @harrymoore/jwt-proxy =1.0.0 - @iarna/atest =1.1.0 and more Source cves: CVE-2024-34273 Source advisory: OSV:GHSA-3HVJ-2783-34X2...
@glarus-labs/vendure-social-auth (>=0.0.1 <=0.1.1), @mirahi/vendure-adyen-dropin-plugin (>=0.0.1 <=0.0.5) +1 more potentially affected by unknown CVE via @vendure/core (>=0.11.1 <=1.9.6)
@vendure/core NPM version =0.11.1, =0.0.1, =0.0.1, =0.0.5 - @zifahm/vendure-social-auth =0.1.2 Source cves: unknown CVE Source advisory: OSV:GHSA-H9WQ-XCQX-MQXM...
CVE-2023-32694
Saleor Core is a composable, headless commerce API. Saleor's validate_hmac_signature function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events, this could...
Design/Logic Flaw
Saleor Core is a composable, headless commerce API. Saleor's validate_hmac_signature function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events, this could...
CVE-2023-32694 Non-constant time HMAC comparison in Adyen plugin in Saleor
Saleor Core is a composable, headless commerce API. Saleor's validate_hmac_signature function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events, this could...
CVE-2023-32694 Non-constant time HMAC comparison in Adyen plugin in Saleor
Saleor Core is a composable, headless commerce API. Saleor's validate_hmac_signature function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events, this could...
CVE-2023-32694
CVE-2023-32694 affects Saleor Core where the non-constant time HMAC signature validation in the Adyen plugin can be exploited via timing attacks to infer the secret key and forge events, potentially corrupting database state (e.g., marking an order as paid). Concrete details across connected sour...
CVE-2023-32694 Non-constant time HMAC comparison in Adyen plugin in Saleor
Saleor Core is a composable, headless commerce API. Saleor's validate_hmac_signature function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events, this could...