21 matches found
Malicious Package
Overview @sports-api/api-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in @sports-api/api-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6445b51deb95e237826188e8e4897f9c43cf8d9232f7d479b59922066a5ad3c The package @sports-api/api-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2595 Malicious code in @sports-api/api-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6445b51deb95e237826188e8e4897f9c43cf8d9232f7d479b59922066a5ad3c The package @sports-api/api-sdk was found to contain malicious code. Source: ghsa-malware...
Directory Traversal
Overview @anthropic-ai/sdk is a The official TypeScript library for the Anthropic API Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied paths in the memory tool. An attacker can access or modify files outside the intended sandboxed...
Malicious code in shop-api-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0306448f7e93f12777f1ee6bfa83d502c06b0a61ae631c612fabd3f8a5d6021 The package shop-api-sdk was found to contain malicious code. Source: ossf-package-analysis...
EUVD-2025-201807
Malicious code in shop-api-sdk npm...
MAL-2025-192378 Malicious code in shop-api-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0306448f7e93f12777f1ee6bfa83d502c06b0a61ae631c612fabd3f8a5d6021 The package shop-api-sdk was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-191333 Malicious code in @voiceflow/api-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3e961a08f55ee9c09ea08f6e26ed609d489927fd347b2015b8c7a3074f6c439 The package @voiceflow/api-sdk was found to contain malicious code. Source: ghsa-malware...
Malicious code in @voiceflow/api-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3e961a08f55ee9c09ea08f6e26ed609d489927fd347b2015b8c7a3074f6c439 The package @voiceflow/api-sdk was found to contain malicious code. Source: ghsa-malware...
@voiceflow/alexa-types (>=2.14.43 <=2.15.62), @voiceflow/api-sdk (>=3.27.18 <=3.28.60) +7 more potentially affected by unknown CVE via @voiceflow/base-types (>=2.100.1 <=2.136.1)
@voiceflow/base-types NPM version =2.100.1, =2.14.43, =3.27.18, =2.13.92, =2.0.0, =2.20.44, =1.60.0, =1.8.0, =2.9.71, =3.26.33, =3.32.47 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWBASETYPES-14103397...
@voiceflow/alexa-types (>=1.1.3 <=1.49.0), @voiceflow/api-sdk (>=1.0.0 <=1.31.6) +6 more potentially affected by unknown CVE via @voiceflow/pino (>=6.11.0 <=6.11.2)
@voiceflow/pino NPM version =6.11.0, =1.1.3, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =1.5.0, =1.10.2, =1.0.0, =1.17.4 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWPINO-14103426...
@voiceflow/alexa-types (>=2.0.0 <=2.16.3), @voiceflow/api-sdk (>=3.0.0 <=3.29.3) +11 more potentially affected by unknown CVE via @voiceflow/common (>=8.10.0 <=8.9.0)
@voiceflow/common NPM version =8.10.0, =2.0.0, =3.0.0, =2.50.1, =2.0.0, =3.0.0, =2.0.0, =2.0.0, =1.0.3, =1.3.3, =1.0.0, =2.0.0, =3.2.20, =1.0.3, =1.7.13 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWCOMMON-14103402...
MAL-2025-6601 Malicious code in thoughtspot-rest-api-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2023-1247 Malicious code in nextcloud-api-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis be6d2af367680b5d332b3472317eeab4a364c78e1617e1d7f3a32f1d797fcdc8 The OpenSSF Package Analysis project identified 'nextcloud-api-sdk' @ 1.1.1 npm as malicious. It is considered malicious because: - The package...
Malicious code in nextcloud-api-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis be6d2af367680b5d332b3472317eeab4a364c78e1617e1d7f3a32f1d797fcdc8 The OpenSSF Package Analysis project identified 'nextcloud-api-sdk' @ 1.1.1 npm as malicious. It is considered malicious because: - The package...
cloud.metaapi.sdk:metaapi-java-sdk (>=7.1.0 <=14.0.9), com.after_sunrise.cryptocurrency:bitflyer4j (>=0.5.0 <=0.6.0) +70 more potentially affected by CVE-2022-25867 via io.socket:socket.io-client (>=0.6.1 <=2.0.0)
io.socket:socket.io-client MAVEN version =0.6.1, =7.1.0, =0.5.0, =0.2.0, =1.1.5, =1.0.4, =1.0.4, =1.2.1, =2.3.3, =1.0.1, =2.1.0, =1.0, =1.0.1 and more Source cves: CVE-2022-25867 Source advisory: OSV:GHSA-85XX-XHJM-RHRW...
Malicious code in nw-api-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2fd21de2bcd0c316686e1736a541c5ace608448936e3edbcc38d4efae6135c18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4981 Malicious code in nw-api-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2fd21de2bcd0c316686e1736a541c5ace608448936e3edbcc38d4efae6135c18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Panasonic Security API SDK Iprosapi ActiveX Control Buffer Overflow (CVE-2015-4647)
A buffer overflow vulnerability exists in the Ipropsapi ActiveX Control component of the Panasonic Security API SDK. The vulnerability is due to an error when processing the FilePassword property. A remote attacker can exploit this vulnerability by enticing the victim to visit a specially crafted...
Panasonic Security API SDK Stack Buffer Overflow Vulnerability
The Panasonic Security API SDK is a webcam API interface development kit SDK from Panasonic Japan. A stack buffer overflow vulnerability exists in the 'GetStringInfo' method of the Panasonic Security API SDK. A remote attacker could exploit the vulnerability by setting the value of the...