Lucene search
+L

130 matches found

osv
osv
added 2026/07/09 12:0 a.m.3 views

MAL-2026-10038 Malicious code in antsrcsrctest (npm)

The npm package antsrcsrctest masquerades as a "simple date formatting utility" index.js exports a harmless formatDate function that is never referenced by the malicious code but is a credential-harvesting and cloud-metadata-stealing reconnaissance tool. It declares a preinstall: node preinstall....

6.1AI score
Exploits0References2
vulnersosv
vulnersosv
added 2026/05/18 9:0 p.m.6 views

@alicloud/cloud-charts (>=0.1.0 <=0.1.10), @alicloud/console-charts (>=0.1.0 <=0.3.0) +139 more potentially affected by unknown CVE via @antv/g2-brush (=0.0.2)

@antv/g2-brush NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g2-brush and may be impacted: - @alicloud/cloud-charts =0.1.0, =0.1.0, =0.0.113, =0.0.113, =0.1.4-beta-3.3, =2.5.1, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5,...

5.7AI score
Exploits0
ossf
ossf
added 2026/05/15 10:40 a.m.15 views

Malicious code in aliyun-internal-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ad3b492d9e89c081c72b95aba3aa4fd0c436a8f5050c7538e57dec619af2258 The package aliyun-internal-config was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
osv
osv
added 2026/05/15 10:40 a.m.7 views

MAL-2026-3780 Malicious code in aliyun-internal-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ad3b492d9e89c081c72b95aba3aa4fd0c436a8f5050c7538e57dec619af2258 The package aliyun-internal-config was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
fedora
fedora
added 2026/03/28 12:19 a.m.6 views

[SECURITY] Fedora 44 Update: rust-reqsign-aliyun-oss-3.0.0-1.fc44

Aliyun OSS signing implementation for reqsign...

5.8AI score
Exploits0
ossf
ossf
added 2026/01/30 7:9 p.m.10 views

Malicious code in snapshot-date (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8e86008d35e5f11e68c465940563127cdc9ba1d4b2963f092914bf8e9ce2587b This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

6AI score
Exploits0References4
vulnersosv
vulnersosv
added 2025/12/10 6:30 p.m.9 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1887 more potentially affected by CVE-2025-67635 via org.jenkins-ci.main:cli (>=1.396 <=2.528.2)

org.jenkins-ci.main:cli MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2025-67635 Source advisory: OSV:GHSA-9P56-P6MW-W8QC...

7.5CVSS7.3AI score0.00515EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/11/28 6:30 p.m.15 views

cc.ddrpa.dorian.polystash:polystash-spring-boot-starter (=1.0.0), com.alibaba.fastjson2:fastjson2-extension (>=2.0.27 <=2.0.62) +39 more potentially affected by CVE-2025-12183 via org.lz4:lz4-pure-java (=1.8.0)

org.lz4:lz4-pure-java MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.lz4:lz4-pure-java and may be impacted: - cc.ddrpa.dorian.polystash:polystash-spring-boot-starter =1.0.0 - com.alibaba.fastjson2:fastjson2-extension =2.0.27,...

8.8CVSS6.8AI score0.00647EPSS
Exploits0
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-0115

Malware in sbrugna...

7.5CVSS7.5AI score0.01048EPSS
Exploits0References10
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-28414

Malicious code in bioql PyPI...

7.6CVSS8.6AI score0.00515EPSS
Exploits0References1
ossf
ossf
added 2025/06/18 10:15 a.m.7 views

Malicious code in aliyun-ai-labs-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
osv
osv
added 2025/06/18 10:15 a.m.12 views

MAL-2025-5095 Malicious code in aliyun-ai-labs-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 11:24 p.m.6 views

CVE-2022-39397

aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1...

5.6CVSS6.8AI score0.00421EPSS
Exploits0References1
ossf
ossf
added 2025/05/19 3:43 p.m.8 views

Malicious code in aliyun-ai-labs-snippets-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 459b9313aa2d453392e97f619a0ffb2898c3b90700e72dcb2cde4d1a1b97b1ac During the importing, it loads a file pretending to an AI model. This file contains pickle-serialized code that exfiltrates data basic IP/username info, as wel...

7.3AI score
Exploits0References3
osv
osv
added 2025/05/19 3:43 p.m.9 views

MAL-2025-5096 Malicious code in aliyun-ai-labs-snippets-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 459b9313aa2d453392e97f619a0ffb2898c3b90700e72dcb2cde4d1a1b97b1ac During the importing, it loads a file pretending to an AI model. This file contains pickle-serialized code that exfiltrates data basic IP/username info, as wel...

7.2AI score
Exploits0References3
ossf
ossf
added 2025/03/11 11:19 p.m.10 views

Malicious code in upload-aliyun-oss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b137056ce2896ba2e4b0b632262308afc40672c5a46bff9c2cb50a7b3a81a386 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
osv
osv
added 2025/03/11 11:19 p.m.6 views

MAL-2025-2283 Malicious code in upload-aliyun-oss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b137056ce2896ba2e4b0b632262308afc40672c5a46bff9c2cb50a7b3a81a386 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
ossf
ossf
added 2025/02/25 6:18 p.m.5 views

Malicious code in amzclients-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7918a5aab99f521336ce5a17ca3b3dae77256011f91ed8dc22c4d9a38123f539 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score
Exploits0References4
ossf
ossf
added 2025/02/25 6:18 p.m.5 views

Malicious code in aclient-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aa9e5d91a1f45bce354edc5b12fcacf603db5e00dc4a48628d3fe5fff37d0eb2 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score
Exploits0References4
ossf
ossf
added 2025/02/25 6:18 p.m.7 views

Malicious code in acloud-clients (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 89813876cca364b0dffda624005d527aa3c9f54ea7ce20af8186faf8f374ba6f This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score
Exploits0References4
Rows per page
Query Builder