
18 matches found

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., views: 2

Malicious code in frontend-auth-client (npm)

The package frontend-auth-client was found to contain malicious code...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., views: 3

Malicious code in web-auth-client (npm)

The package web-auth-client was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m., views: 0

MAL-2025-38967 Malicious code in web-auth-client (npm)

The package web-auth-client was found to contain malicious code...

AI score 7.2
Exploits: 0

OSV
added 2025/08/14 6:52 p.m., views: 2

MAL-2025-20968 Malicious code in frontend-auth-client (npm)

The package frontend-auth-client was found to contain malicious code...

AI score 7.2
Exploits: 0

OSV
added 2025/07/15 12:45 a.m., views: 1

MAL-2025-5971 Malicious code in vss-web-auth-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 70dc7c0837db09d1f3b1d98483b9ce346b56d8ea5ae46ee6b2d974d8be75ea26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 8:54 a.m., views: 2

CVE-2024-29036

Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users shoul...

CVSS 4.3, AI score 7, EPSS 0.00396
Exploits: 0, References: 1

OSV
added 2024/06/25 1:49 p.m., views: 4

MAL-2024-6722 Malicious code in auth-client (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/06/25 1:49 p.m., views: 3

Malicious code in auth-client (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0, References: 1

Github Security Blog
added 2024/02/26 8:10 p.m., views: 20

@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys

Problem: User sessions in the @nfid/embed SDK with Ed25519 keys are vulnerable due to a compromised private key 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe. This exposes users to potential loss of funds on ledgers and unauthorized access to canisters they control. Solution: Usin...

AI score 7
Exploits: 0, References: 3, Affected Software: 1

vulnersOsv
added 2024/02/21 2:54 a.m., views: 1

@bundly/ic-core-js (>=0.1.0 <=0.4.2-rc.4), @bundly/ic-react (>=0.1.0 <=0.4.2-rc.4) +10 more potentially affected by CVE-2024-1631 via @dfinity/auth-client (>=0.20.2 <=0.9.3)

@dfinity/auth-client NPM version =0.20.2, =0.1.0, =0.1.0, =0.1.1, =0.0.2, =0.0.1, =0.0.1, =0.0.3, =0.0.2, =0.0.38-next-2023-12-19, =0.0.1, =0.0.7 Source cves: CVE-2024-1631 Source advisory: OSV:GHSA-C9VV-FHGV-CJC3...

CVSS 9.1, AI score 7.2, EPSS 0.01735
Exploits: 1

CNNVD
added 2023/12/22 12:0 a.m., views: 2

yii2 security vulnerabilities

yii2 is a fast, secure and professional PHP framework. A security vulnerability exists in yii2-authclient versions prior to 2.2.15 that stems from vulnerability to cross-site request forgery (CSRF) attacks...

CVSS 8.8, AI score 6.7, EPSS 0.0015
Exploits: 1, References: 6

OSV
added 2022/06/20 9:9 p.m., views: 9

MAL-2022-793 Malicious code in @zeos-libs/auth-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eee22ec16fe8410ba0fa17b116c3f3bc6c12ac2f37d88e9e81e5cc13ac891467 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2022/06/20 9:9 p.m., views: 3

Malicious code in @zeos-libs/auth-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eee22ec16fe8410ba0fa17b116c3f3bc6c12ac2f37d88e9e81e5cc13ac891467 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1

vulnersOsv
added 2022/05/20 12:0 a.m., views: 5

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.2 <=4.6.0.0), ai.ylyue:yue-library-auth-client (=j11.2.6.0) +1749 more potentially affected by CVE-2022-22978 via org.springframework.security:spring-security-core (>=5.6.0 <=5.6.3)

org.springframework.security:spring-security-core MAVEN version =5.6.0, =4.4.0.2, =1.3.1.RELEASE, =0.2.0, =0.8.3, =2.1.0.M8, =1.0.0, =2.7.0.Beta3, =2.7.0.Beta4, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.RC1 and more Source cves: CVE-2022-22978 Source advisory: OSV:GHSA-HH32-7344-CG2F...

CVSS 9.8, AI score 6.7, EPSS 0.90224
Exploits: 6

Snyk
added 2020/04/17 12:0 a.m., views: 1

Malicious Package

Overview: auth-client is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using auth-client...

CVSS 8, AI score 6.9
Exploits: 0, References: 2

vulnersOsv
added 2019/05/14 4:2 a.m., views: 2

4everland-pinning (>=1.0.4 <=1.0.10), @0x5e/homebridge-tuya-platform (>=1.6.0 <=1.7.0-beta.58) +3260 more potentially affected by CVE-2019-5432 via mqtt-packet (>=6.0.0 <=6.10.0)

mqtt-packet NPM version =6.0.0, =1.0.4, =1.6.0, =1.0.1, =0.2.0, =0.4.19, =0.12.0, =0.1.5, =0.1.8, =0.1.3, =0.12.0, =0.1.0, =0.8.3, =0.12.0, =0.12.0, =0.12.0, =0.14.4 and more Source cves: CVE-2019-5432 Source advisory: OSV:GHSA-WV67-9JQ7-8R69...

CVSS 7.5, AI score 7.1, EPSS 0.00544
Exploits: 1

CNVD
added 2018/01/26 12:0 a.m., views: 2

Dovecot Memory Leak Vulnerability

Dovecot is an open source Linux/UNIX-based class of IMAP and POP3 mail server. auth client is one of the authentication client. A memory leak vulnerability exists in the auth client in Dovecot versions 2.0 through 2.2.33 and 2.3.0. An attacker can exploit this vulnerability to cause a denial of...

CVSS 7.5, AI score 6.9, EPSS 0.02771
Exploits: 0, References: 1

OSV
added 2018/01/25 8:29 p.m., views: 2

DEBIAN-CVE-2017-15132

A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to...

CVSS 7.5, AI score 6.7, EPSS 0.02771
Exploits: 0, References: 1