MAL-2026-6376 Malicious code in bn-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c14057d91b2283926b2b0c1093a66db17c40efbd0ceb21c29b0bdbfa79736da5 Package is published as 'bn-lint' but ships a verbatim copy of MikeMcl/big.js README, source, version banner v7.0.1, and repo URL all identify as...

Malicious code in bn-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c14057d91b2283926b2b0c1093a66db17c40efbd0ceb21c29b0bdbfa79736da5 Package is published as 'bn-lint' but ships a verbatim copy of MikeMcl/big.js README, source, version banner v7.0.1, and repo URL all identify as...

MAL-2026-4779 Malicious code in ether-bn.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cc5567869e3d616af151887f680ef13bf23f8a19fe5978343254b921c1c7c73 Package name 'ether-bn.js' resembles the widely-used 'bn.js' big-number library, and the README directs users to install yet another name...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the FormManager::create function. An attacker can access and exfiltrate sensitive database contents, including user credentials, by injecting arbitrary SQL statements through crafted input to the bnidnature parameter...

JLSEC-2026-216 There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with...

There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

EUVD-2026-17691

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in coolsnowwolf lede package/lean/mt/drivers/mt7603e/src/mt7603wifi/common modules. This vulnerability is associated with program files bnlib.C. This issue affects lede: through r25.10.1...

CVE-2026-2739

A flaw was found in bn.js. When calling the maskn0 function on a BN instance, there is potential for this action to corrupt the internal state of the library, causing critical methods such as toString and divmod to enter an infinite loop. The primary consequence is a Denial of Service DoS, where...

CVE-2026-2739

This affects versions of the package bn.js before 5.2.3. Calling maskn0 on any BN instance corrupts the internal state, causing toString, divmod, and other methods to enter an infinite loop, hanging the process indefinitely...

CVE-2026-24803

CVE-2026-24803 describes an infinite loop (unreachable exit condition) vulnerability in coolsnowwolf/lede within the MT7615D wifi drivers under mt_wifi/embedded/security modules, specifically associated with bn_lib.C. Affected software: LEDE project releases up to and including r25.10.1. Root cau...

PT-2026-4872

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in coolsnowwolf lede package/lean/mt/drivers/mt7615d/src/mt wifi/embedded/security modules. This vulnerability is associated with program files bn lib.C. This issue affects lede: through r25.10.1...

PT-2026-4873

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in coolsnowwolf lede package/lean/mt/drivers/mt7603e/src/mt7603 wifi/common modules. This vulnerability is associated with program files bn lib.C. This issue affects lede: through r25.10.1...

EUVD-2025-139224

Malicious code in nuyar-adair-bn npm...

EUVD-2010-4833

Malware in sbrugna...

EUVD-2018-1488

Malware in sbrugna...

Malicious code in @pumpfun-sdk/bn-converter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06bcd5e8715873a001eadde3f34011c22ba27a599e02a712fde9f44036b62fb0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47264 Malicious code in @pumpfun-sdk/bn-converter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06bcd5e8715873a001eadde3f34011c22ba27a599e02a712fde9f44036b62fb0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @pumpfun-sdk/bn-converter is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2025-41608 Malicious code in sqrt-bn-enhanced (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in sqrt-bn-enhanced (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in sqrt-bn (npm)

--- -= Per source details. Do not edit below this line.=-...