How exposed is your code? Find out in minutes—for free

Most security leaders share the same suspicion: there are vulnerabilities in our codebase that we don't know about. The uncomfortable truth is that most code never gets a thorough security review. Vulnerabilities accumulate quietly in active repositories, across languages and teams, often...

Malicious Package

Overview sap-autofix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

EUVD-2026-1374

Malicious code in sort-imports-es6-autofix npm...

Malicious code in sort-imports-es6-autofix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20061f2672fcbe82b13ab8e09c629d93991ef45200bb30c7bf9a1dc78cbb4230 The package sort-imports-es6-autofix was found to contain malicious code. Source: ghsa-malware...

EUVD-2008-0323

Malware in sbrugna...

MAL-2024-7590 Malicious code in sap-autofix (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0b73b299a434832500ebc4e7971eda1e258a34b795505ea4127411489ce3e8f4 The OpenSSF Package Analysis project identified 'sap-autofix' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in sap-autofix (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0b73b299a434832500ebc4e7971eda1e258a34b795505ea4127411489ce3e8f4 The OpenSSF Package Analysis project identified 'sap-autofix' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws

GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues. "Powered by GitHub Copilot and CodeQL, code scanning autofi...

Symantec AutoFix支持工具SYMADATA.DLL控件多个安全漏洞

BUGTRAQ ID: 28507,28509 CVECAN ID: CVE-2008-0312,CVE-2008-0313 Symantec AutoFix是一些Norton产品中所使用的用于排除Symantec客户端产品中问题的工具。 AutoFix支持工具中所捆绑的ActiveX控件（SYMADATA.DLL）实现上存在漏洞，远程攻击者可能利用此漏洞控制用户系统。 控件为： Clsid：3451DEDE-631F-421c-8127-FD793AFC6CC8 文件：C:\PROGRA1\COMMON1\SYMANT1\SUPPOR1\SymAData.dll Version...

CVE-2008-0312

Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute...

CVE-2008-0312

CVE-2008-0312 is a stack-based buffer overflow in the AutoFix Support Tool ActiveX control SYMADATA.DLL v2.7.0.1, used by Norton products (e.g., Norton 360 1.0, AntiVirus/Internet Security/System Works 2006–2008). The overflow occurs via a long argument to GetEventLogInfo and could allow remote c...

CVE-2008-0312

Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute...