
67 matches found

OSSF Malicious Packages
added 2026/05/19 6:5 p.m. | 6 views

Malicious code in @bonsai-ai/claude-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad3b5646cf88b8eb5a7dbbec9fc2f1cfefcdf3a241d9604992e72c2f629889b9 Package published as @bonsai-ai/claude-code impersonates Anthropic's official @anthropic-ai/claude-code CLI. package.json sets author to 'Anthropic '...

AI score: 5.9
Exploits: 0 | References: 2

OSV
added 2026/05/19 5:50 p.m. | 3 views

MAL-2026-4371 Malicious code in @bonsai-ai/claude-code-win32-x64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6591be3fe5d0b37196562035353367d96a2bb1390d8f0f4dae3c5abbfd927f6 Package is published under the @bonsai-ai scope but impersonates Anthropic's official @anthropic-ai/claude-code-win32-x64 platform package...

AI score: 5.8
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2003-0151

Malware in sbrugna...

CVSS: 5 | AI score: 6.1 | EPSS: 0.0095
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2003-0148

Malware in sbrugna...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.00904
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2003-0149

Malware in sbrugna...

CVSS: 5 | AI score: 6.1 | EPSS: 0.0471
Exploits: 0 | References: 7

OSV
added 2025/08/12 8:16 a.m. | 3 views

MAL-2025-6826 Malicious code in microsoft-bonsai-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f75eaf29b0dbada65bcac01f3d2789298d785098ab86d180232abf37a1e16070 The OpenSSF Package Analysis project identified 'microsoft-bonsai-api' @ 9.9.9 npm as malicious. It is considered malicious because: - The packa...

AI score: 7.1
Exploits: 0

OSSF Malicious Packages
added 2025/08/12 8:16 a.m. | 2 views

Malicious code in microsoft-bonsai-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f75eaf29b0dbada65bcac01f3d2789298d785098ab86d180232abf37a1e16070 The OpenSSF Package Analysis project identified 'microsoft-bonsai-api' @ 9.9.9 npm as malicious. It is considered malicious because: - The packa...

AI score: 6.9
Exploits: 0

NVD
added 2023/10/09 8:15 p.m. | 7 views

CVE-2023-44392

Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...

CVSS: 9 | AI score: 8.9 | EPSS: 0.07329
Exploits: 0 | References: 2

Cvelist
added 2023/10/09 7:6 p.m. | 8 views

CVE-2023-44392 Arbitrary code execution vulnerability when using shared Kubernetes cluster

Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...

CVSS: 8.2 | AI score: 9.7 | EPSS: 0.07329
Exploits: 0 | References: 2

OSV
added 2023/10/09 7:6 p.m. | 11 views

CVE-2023-44392 Arbitrary code execution vulnerability when using shared Kubernetes cluster

Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...

CVSS: 8.2 | AI score: 9.3 | EPSS: 0.07329
Exploits: 0 | References: 4

Openbugbounty
added 2023/05/26 1:9 p.m. | 5 views

swindon-bonsai.co.uk Cross Site Scripting vulnerability OBB-3364222

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.1
Exploits: 0

OSV
added 2022/06/20 8:18 p.m. | 6 views

MAL-2022-4585 Malicious code in microsoft-bonsai-visualizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af44fbbcf5f4c4b320b933ab7cc00323158be62a4c2d23be50f06265760b5a4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2022/06/20 8:18 p.m. | 2 views

Malicious code in microsoft-bonsai-visualizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af44fbbcf5f4c4b320b933ab7cc00323158be62a4c2d23be50f06265760b5a4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

Mozilla Bonsai Multiple Cross Site Scripting Vulnerabilities

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 27 views

Apache OFBiz - FULLADMIN Creator PoC Payload

No description provided by source. / Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes =...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.45865
Exploits: 15

seebug.org
added 2014/07/01 12:0 a.m. | 43 views

Achievo <= 1.3.4 - SQL Injection

No description provided by source. Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ SQL Injection in Achievo 1. Advisory Information Title: SQL Injection in Achievo Advisory ID: BONSAI-2009-0102 Advisory URL:...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00439
Exploits: 7

seebug.org
added 2014/07/01 12:0 a.m. | 27 views

Apache OFBiz - SQL Remote Execution PoC Payload

No description provided by source. / Apache OFBiz SQL Remote Execution PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var cmd = 'command'; var xmlhttp=false; try xmlhttp = new ActiveXObjectMsxml2.XMLHTTP; catch e...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.45865
Exploits: 15

seebug.org
added 2014/07/01 12:0 a.m. | 6 views

Mozilla Bonsai 1.3 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5517/info A path disclosure vulnerability has been reported in Mozilla Bonsai. An attacker can exploit this vulnerability by making a malformed request to Bonsai. This causes Bonsai to return an error page to the requesti...

AI score: 7.1
Exploits: 0

exploitpack
added 2010/12/09 12:0 a.m. | 61 views

VMware Tools - Update OS Command Injection

VMware Tools - Update OS Command Injection VMware Tools update OS Command Injection ======================================== 1. Advisory Information Advisory ID: BONSAI-2010-0110 Date published: Thu Dec 9, 2010 Vendors contacted: VMware Release mode: Coordinated release 2. Vulnerability Informati...

CVSS: 7.2 | AI score: 0.7 | EPSS: 0.02721
Exploits: 4

Exploit DB
added 2010/10/13 12:0 a.m. | 46 views

Oracle Virtual Server Agent - Command Injection

Oracle Virtual Server Agent Command Injection ============================================= 1. Advisory Information Advisory ID: BONSAI-2010-0109 Date published: 2010-10-13 Vendors contacted: Oracle Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely...

AI score: 7.4
Exploits: 0