1485 matches found
Malicious Package
Overview ifood-companies-manager-front is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview preset-classic is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Embedded Malicious Code
Overview cdn-icon-fetch is a malicious package. Affected versions of this package are vulnerable to Embedded Malicious Code. Once this package is installed and executed, it downloads a JavaScript file from a cdn-static-server.vercel.app URL, which appears to be an image hosting site. However, by...
Malicious Package
Overview chauuuyhhn is a malicious package. This package contains malicious code that exfiltrates sensitive data. Remediation Avoid using all malicious instances of the chauuuyhhn package. References - Security Advisory...
PT-2024-27975 · Tellus +1 · Tellus +1
Name of the Vulnerable Software and Affected Versions: TELLUS versions 4.0.19.0 and earlier TELLUS Lite versions 4.0.19.0 and earlier Description: The issue is an Out-of-bounds read vulnerability. If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be...
Malicious Package
Overview flag-leak-r is a malicious package. This package contains malicious code and was removed from the package manager. Remediation Avoid using all malicious instances of the flag-leak-r package. References - PyPI Package...
Malicious Package
Overview branch-extension is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview annotation-app is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview openai-bun-test is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview uchiwa is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview sae-viewer is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...
PT-2024-28389 · Unknown · Luci-App-Sms-Tool
Name of the Vulnerable Software and Affected Versions: luci-app-sms-tool version 1.9-6 Description: A command injection issue was found in luci-app-sms-tool via the score parameter. Recommendations: For luci-app-sms-tool version 1.9-6, avoid using the score parameter until a fix is available...
PT-2023-20514 · Flatnest · Flatnest
Name of the Vulnerable Software and Affected Versions: flatnest versions all Description: The issue concerns Prototype Pollution via the nest function in the flatnest/nest.js file. This affects all versions of the package flatnest. Recommendations: For all versions, consider disabling the nest...
PT-2023-21861 · Unknown · Simple Design Daily Journal +1
Name of the Vulnerable Software and Affected Versions: Simple Design Daily Journal version 1.012.GP.B Description: A vulnerability has been found in the SQLite Database component, leading to cleartext storage in a file or on disk. The manipulation can be launched on the local host. The exploit ha...
Malicious Package
Overview react-sports is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview egstore-suspense is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
Malicious Package
Overview y-font-decoder is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...
Malicious Package
Overview @exabyte-io/code.js is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...
Malicious Package
Overview spectra-ui-commons is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious Package
Overview @yandex-travel/eslint-kit is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...