90 matches found
Malicious code in @meego-progressive/cdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a7205f38cfc6908e42b221ffcaf5118f3ef9891d4b1cc7c0798411cc7b0b349 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6632 Malicious code in @meego-progressive/cdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a7205f38cfc6908e42b221ffcaf5118f3ef9891d4b1cc7c0798411cc7b0b349 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Command Injection
Overview aws-cdk-lib is a Version 2 of the AWS Cloud Development Kit library Affected versions of this package are vulnerable to Command Injection via the NodejsFunction local bundling pipeline, when an attacker controls the value of one or more of the properties externalModules, define, loader,...
CVE-2026-11417
OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow an actor who controls the value of one or more bundling properties externalModules, define, loader, inject, or esbuildArgs to execute arbitrary commands on the host...
CVE-2026-11417 OS Command Injection in NodejsFunction Bundling in aws-cdk-lib
OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow an actor who controls the value of one or more bundling properties externalModules, define, loader, inject, or esbuildArgs to execute arbitrary commands on the host...
PT-2026-48489
Name of the Vulnerable Software and Affected Versions aws-cdk-lib versions prior to 2.245.0 aws-cdk-lib versions prior to 2.246.0 Windows Description OS command injection exists in the NodejsFunction local bundling pipeline. An actor who controls the value of one or more bundling...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...
Malicious Package
Overview reactive-cdk-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-4255 Malicious code in cdk-sagemaker-notebook-workflow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cc9c1db01ca14b294be21438478ec14dc6549a4b7b9ec5cf73dd7aa227f7ad8 The package declares a preinstall hook node index.js in package.json that fires automatically on npm install. The script collects os.hostname,...
Malicious code in reactive-cdk-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84d7572f96294e867b18a0448ac0e70af3d08769749aa73388b38d88492559e4 package.json declares preinstall: node index.js, so installation automatically executes index.js. The script reads /etc/passwd via fs.readFileSync,...
MAL-2026-4254 Malicious code in reactive-cdk-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84d7572f96294e867b18a0448ac0e70af3d08769749aa73388b38d88492559e4 package.json declares preinstall: node index.js, so installation automatically executes index.js. The script reads /etc/passwd via fs.readFileSync,...
EUVD-2025-7905
Malicious code in bioql PyPI...
EUVD-2025-10958
Malicious code in bioql PyPI...
EUVD-2025-9050
Malicious code in bioql PyPI...
Malicious code in @epc-tools/testutil-cdk-expect-policy (npm)
The package @epc-tools/testutil-cdk-expect-policy was found to contain malicious code...
MAL-2025-7848 Malicious code in @epc-tools/testutil-cdk-expect-policy (npm)
The package @epc-tools/testutil-cdk-expect-policy was found to contain malicious code...
Malicious code in cdk-integ-tools (npm)
The package cdk-integ-tools was found to contain malicious code...
MAL-2025-16694 Malicious code in cdk-integ-tools (npm)
The package cdk-integ-tools was found to contain malicious code...
Malicious code in @evt-cdk/codepipeline (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6830 Malicious code in @evt-cdk/codepipeline (npm)
The package communicates with a domain associated with malicious activity...