62 matches found
CVE-2026-45311
CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build...
Malicious Package
Overview build-scripts-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-4276 Malicious code in build-scripts-utils (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
Malicious code in build-scripts-utils (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
EUVD-2020-4309
Malware in sbrugna...
EUVD-2017-12292
Malware in sbrugna...
EUVD-2009-0189
Malware in sbrugna...
EUVD-2022-6662
Malicious code in bioql PyPI...
Exploit for CVE-2023-4130
README This repo accompanies my research article Eternal-Tux...
Linux Distros Unpatched Vulnerability : CVE-2020-11986
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to ...
MAL-2025-21079 Malicious code in fusion-starter-build-scripts (npm)
The package fusion-starter-build-scripts was found to contain malicious code...
Malicious code in fusion-starter-build-scripts (npm)
The package fusion-starter-build-scripts was found to contain malicious code...
CVE-2025-6705
A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new...
openSUSE 15 Security Update : radare2 (openSUSE-SU-2025:0072-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2025:0072-1 advisory. - CVE-2025-1378: Fixed memory corruption boo1237250 https://github.com/radareorg/radare2/releases/tag/5.9.0 Update to version 5.8.8: For details, check...
Malicious code in ecpfs-react-build-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4aa038b17c743c2c728e2687e0f828cbd3b0a8934efb7637a1bdc9879882abf3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11973 Malicious code in ecpfs-react-build-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4aa038b17c743c2c728e2687e0f828cbd3b0a8934efb7637a1bdc9879882abf3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
OESA-2024-1811 rust security update
Rust is a systems programming language focused on three goals: safety, speed, and concurrency. It maintains these goals without having a garbage collector, making it a useful language for a number of use cases other languages are not good at: embedding in other languages, programs with specific spac...
BIT-GRADLE-2021-29427 Repository content filters do not work in Settings pluginManagement
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies...