31 matches found
Malicious Package
Overview modules-umd-systemjs is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...
Malicious Package
Overview typescript-react-query is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior T...
Malicious code in cicd-ppe-redteam-test02 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 14adb6733ca8f958770b9766a7f255fbd8562886dce3b42cee772eac50e52d0f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-1064 Malicious code in cicd-ppe-redteam-test02 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 14adb6733ca8f958770b9766a7f255fbd8562886dce3b42cee772eac50e52d0f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-1063 Malicious code in cicd-ppe-redteam-test01 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5ff0b643e9e96817244b6499fdbcfd26b6c26cf366980909a6461e4c15b389fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in cicd-ppe-redteam-test01 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5ff0b643e9e96817244b6499fdbcfd26b6c26cf366980909a6461e4c15b389fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in @epc-infra/cicd-stack (npm)
The package @epc-infra/cicd-stack was found to contain malicious code...
MAL-2025-7836 Malicious code in @epc-infra/cicd-stack (npm)
The package @epc-infra/cicd-stack was found to contain malicious code...
Malicious code in gfg-cicd-scripts (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2419 Malicious code in gfg-cicd-scripts (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in @store-sfdcbt-net/cicd_gulp-central-js-lib-v1 (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-1983 Malicious code in @store-sfdcbt-net/cicd_gulp-central-js-lib-v1 (npm)
--- -= Per source details. Do not edit below this line.=-...
CLI for Vela Insecure Variable Substitution
Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...
GHSA-4JHJ-3GV3-C3GR CLI for Vela Insecure Variable Substitution
Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...
Golang SDK for Vela Insecure Variable Substitution
Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...
GHSA-69P4-J5V5-X234 Server/API for Vela Insecure Variable Substitution
Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...
GHSA-7V38-W32M-WX4M Types for Vela Insecure Variable Substitution
Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...
Types for Vela Insecure Variable Substitution
Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...
GHSA-PWX5-6WXG-PX5H Insecure Variable Substitution in Vela
Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...
Insecure Variable Substitution in Vela
Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...