62 matches found
CVE-2026-45311
CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build...
Malicious Package
Overview: build-scripts-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in build-scripts-utils (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4276 Malicious code in build-scripts-utils (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
EUVD-2020-4309
Malware in sbrugna...
EUVD-2017-12292
Malware in sbrugna...
EUVD-2009-0189
Malware in sbrugna...
EUVD-2022-6662
Malicious code in bioql PyPI...
Exploit for CVE-2023-4130
README This repo accompanies my research article Eternal-Tux...
Linux Distros Unpatched Vulnerability : CVE-2020-11986
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to ...
Malicious code in fusion-starter-build-scripts (npm)
The package fusion-starter-build-scripts was found to contain malicious code...
MAL-2025-21079 Malicious code in fusion-starter-build-scripts (npm)
The package fusion-starter-build-scripts was found to contain malicious code...
CVE-2025-6705
A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new...
openSUSE 15 Security Update : radare2 (openSUSE-SU-2025:0072-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2025:0072-1 advisory. - CVE-2025-1378: Fixed memory corruption boo1237250 https://github.com/radareorg/radare2/releases/tag/5.9.0 Update to version 5.8.8: For details, check...
Malicious code in ecpfs-react-build-scripts (npm)
Source: ghsa-malware 4aa038b17c743c2c728e2687e0f828cbd3b0a8934efb7637a1bdc9879882abf3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11973 Malicious code in ecpfs-react-build-scripts (npm)
Source: ghsa-malware 4aa038b17c743c2c728e2687e0f828cbd3b0a8934efb7637a1bdc9879882abf3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
OESA-2024-1811 rust security update
Rust is a systems programming language focused on three goals: safety, speed, and concurrency. It maintains these goals without having a garbage collector, making it a useful language for a number of use cases other languages are not good at: embedding in other languages, programs with specific spac...
BIT-GRADLE-2021-29427 Repository content filters do not work in Settings pluginManagement
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies...