Malicious code in github.com/BufferZoneCorp/go-weather-sdk (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

Inclusion of Sensitive Information in Source Code

Overview shakapacker is an Use webpack to manage app-like JavaScript modules in Rails Affected versions of this package are vulnerable to Inclusion of Sensitive Information in Source Code via the EnvironmentPlugin , which exposed all build environment variables. An attacker can access sensitive...