Malicious Package

Overview @apache-netbeans/netbeans-antora-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

MAL-2025-48960 Malicious code in @apache-netbeans/netbeans-antora-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64c5548a67ff295a5fef8341e288347ac54fd9677bfd0be6e0752cc670888f37 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2020-4309

Malware in sbrugna...

EUVD-2018-8961

Malware in sbrugna...

EUVD-2022-3568

Malicious code in bioql PyPI...

EUVD-2022-2969

Malicious code in bioql PyPI...

CVE-2019-17561

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability...

CVE-2019-17560

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are...

Improper Certificate Validation in Apache Netbeans

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. "Apache NetBeans" versions up to and including 11.2 are...

GHSA-7C2M-VWXW-5QWW Improper Certificate Validation in Apache Netbeans

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. "Apache NetBeans" versions up to and including 11.2 are...

Improper Verification of Cryptographic Signature in Apache Netbeans

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability. NetBeans releases before the Apache transition started...

GHSA-CF8Q-J9H3-7237 Improper Verification of Cryptographic Signature in Apache Netbeans

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability. NetBeans releases before the Apache transition started...

Improper synchronization in Apache Netbeans HTML/Java API

There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in webkit subproject of HTML/Java API version 1.7. A similar vulnerability has recently been disclosed in other Java projects and the fix in HTML/Java API version 1.7.1 follows...

GHSA-PPC3-FPVH-7396 Improper synchronization in Apache Netbeans HTML/Java API

There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in webkit subproject of HTML/Java API version 1.7. A similar vulnerability has recently been disclosed in other Java projects and the fix in HTML/Java API version 1.7.1 follows...

Apache Netbeans-html4j Competition Condition Issue Vulnerability

Apache Netbeans-html4j is a Java-based and cross-platform Apache Foundation software for Java-Javascript interaction. A security vulnerability exists in the Apache Netbeans-html4j API version 1.7.1 HTML/Java, which results from a race condition between deleting temporary files and creating...

The vulnerability of the Apache NetBeans application environment update system, related to errors in the certificate validation process, allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the Apache NetBeans application environment update system is related to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and integrity of the protected information...

The vulnerability of the Apache NetBeans application environment update system, related to insufficient validation of input data, allows a hacker to execute arbitrary code.

The vulnerability of the Apache NetBeans application environment update system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVE-2020-11986

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...

CVE-2020-11986

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...

CVE-2020-11986

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...