MAL-2026-4623 Malicious code in npm-builderio-qwik-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11a743cdce28dd141d636ff13baaee44df53fbaaed17efdc5a7380281b7097e1 The package's main entry index.js is a working browser exploit, not a library. When loaded in a DOM context, it creates a hidden iframe pointing at...

EUVD-2023-0488

Malicious code in bioql PyPI...

CVE-2023-1283

Code Injection in GitHub repository builderio/qwik prior to 0.21.0...

CVE-2023-2307

Cross-Site Request Forgery CSRF in GitHub repository builderio/qwik prior to 0.104.0...

CVE-2023-0410

Cross-site Scripting XSS - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5...

CVE-2023-2307 Cross-Site Request Forgery (CSRF) in builderio/qwik

Cross-Site Request Forgery CSRF in GitHub repository builderio/qwik prior to 0.104.0...

CVE-2023-2307 Cross-Site Request Forgery (CSRF) in builderio/qwik

Cross-Site Request Forgery CSRF in GitHub repository builderio/qwik prior to 0.104.0...

CVE-2023-2307

CVE-2023-2307 describes a Cross-Site Request Forgery (CSRF) vulnerability in the GitHub repository for builderio/qwik. The vulnerability affects versions prior to 0.104.0, where an attacker could abuse CSRF to perform unintended actions in scoped user contexts. Public sources consistently referen...

CVE-2023-2307 Cross-Site Request Forgery (CSRF) in builderio/qwik

Cross-Site Request Forgery CSRF in GitHub repository builderio/qwik prior to 0.104.0...

CVE-2023-1283

Code Injection in GitHub repository builderio/qwik prior to 0.21.0...

Code injection

Code Injection in GitHub repository builderio/qwik prior to 0.21.0...

CVE-2023-1283

CVE-2023-1283 affects builderio/qwik versions prior to 0.21.0. The vulnerability arises from the deserializer exposed via the pureServerFunction feature, enabling an unauthenticated attacker to inject and run arbitrary JavaScript code (via a crafted request to /q-data.json). Impact is code execut...

CVE-2023-1283 Code Injection in builderio/qwik

Code Injection in GitHub repository builderio/qwik prior to 0.21.0...

CVE-2023-0410

CVE-2023-0410 affects builder.io/qwik prior to 0.1.0-beta5. The vulnerability is a Cross-site Scripting (XSS) issue caused by improper sanitization in render-ssr.ts, enabling injection and execution of arbitrary JavaScript. Multiple sources (NVD/Red Hat/OSV/Veracode/GHSA) confirm the same vector ...

CVE-2023-0410 Cross-site Scripting (XSS) - Generic in builderio/qwik

Cross-site Scripting XSS - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5...

CVE-2023-0410 Cross-site Scripting (XSS) - Generic in builderio/qwik

Cross-site Scripting XSS - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5...