@alicloud/cloud-charts (>=0.1.0 <=0.1.10), @alicloud/console-charts (>=0.1.0 <=0.3.0) +140 more potentially affected by unknown CVE via @antv/g2-brush (=0.0.2)

@antv/g2-brush NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g2-brush and may be impacted: - @alicloud/cloud-charts =0.1.0, =0.1.0, =0.0.113, =0.0.113, =0.1.4-beta-3.3, =2.5.1, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5,...

MAL-2026-3780 Malicious code in aliyun-internal-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ad3b492d9e89c081c72b95aba3aa4fd0c436a8f5050c7538e57dec619af2258 The package aliyun-internal-config was found to contain malicious code. Source: ghsa-malware...

Malicious code in aliyun-internal-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ad3b492d9e89c081c72b95aba3aa4fd0c436a8f5050c7538e57dec619af2258 The package aliyun-internal-config was found to contain malicious code. Source: ghsa-malware...

[SECURITY] Fedora 44 Update: rust-reqsign-aliyun-oss-3.0.0-1.fc44

Aliyun OSS signing implementation for reqsign...

Malicious code in snapshot-date (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8e86008d35e5f11e68c465940563127cdc9ba1d4b2963f092914bf8e9ce2587b This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1886 more potentially affected by CVE-2025-67635 via org.jenkins-ci.main:cli (>=1.396 <=2.528.2)

org.jenkins-ci.main:cli MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2025-67635 Source advisory: OSV:GHSA-9P56-P6MW-W8QC...

cc.ddrpa.dorian.polystash:polystash-spring-boot-starter (=1.0.0), com.alibaba.fastjson2:fastjson2-extension (>=2.0.27 <=2.0.62) +39 more potentially affected by CVE-2025-12183 via org.lz4:lz4-pure-java (=1.8.0)

org.lz4:lz4-pure-java MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.lz4:lz4-pure-java and may be impacted: - cc.ddrpa.dorian.polystash:polystash-spring-boot-starter =1.0.0 - com.alibaba.fastjson2:fastjson2-extension =2.0.27,...

EUVD-2017-0115

Malware in sbrugna...

EUVD-2024-28414

Malicious code in bioql PyPI...

Malicious code in aliyun-ai-labs-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-5095 Malicious code in aliyun-ai-labs-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=-...

CVE-2022-39397

aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1...

Malicious code in aliyun-ai-labs-snippets-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 459b9313aa2d453392e97f619a0ffb2898c3b90700e72dcb2cde4d1a1b97b1ac During the importing, it loads a file pretending to an AI model. This file contains pickle-serialized code that exfiltrates data basic IP/username info, as wel...

MAL-2025-5096 Malicious code in aliyun-ai-labs-snippets-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 459b9313aa2d453392e97f619a0ffb2898c3b90700e72dcb2cde4d1a1b97b1ac During the importing, it loads a file pretending to an AI model. This file contains pickle-serialized code that exfiltrates data basic IP/username info, as wel...

Malicious code in upload-aliyun-oss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b137056ce2896ba2e4b0b632262308afc40672c5a46bff9c2cb50a7b3a81a386 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2283 Malicious code in upload-aliyun-oss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b137056ce2896ba2e4b0b632262308afc40672c5a46bff9c2cb50a7b3a81a386 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in aclient-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aa9e5d91a1f45bce354edc5b12fcacf603db5e00dc4a48628d3fe5fff37d0eb2 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

Malicious code in acloud-client-uses (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 23487ce28601ae00fc60455a6e324818c68a8a00b3a3d17f7356853ca7eedee5 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

Malicious code in acloud-clients (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 89813876cca364b0dffda624005d527aa3c9f54ea7ce20af8186faf8f374ba6f This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

Malicious code in tcloud-python-sdks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 601415ac1e4afe43331c4b78d99e406f34b4a970a365a366cdc0598c5cb22f9c This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...