Malicious Package

Overview activerecord-forbid-implicitconnectioncheckout is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa...

GHSA-3X83-P476-VV95 Downloads Resources over HTTP in selenium-standalone-painful

Affected versions of selenium-standalone-painful insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

GHSA-6V7P-J23V-4XMW robot-js downloads Resources over HTTP

Affected versions of robot-js insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

GHSA-8CC8-8VVX-FHGW jdf-sass downloads Resources over HTTP

Affected versions of jdf-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...