5 matches found
MAL-2025-5278 Malicious code in codesandbox-deps (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware a8cbaaee48ac510c9d11bc481194ff5a4006d0233d8d2d06a3422628cea6a879. Any computer that has this package installed or running should be considered...
Malicious code in codesandbox-deps (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware a8cbaaee48ac510c9d11bc481194ff5a4006d0233d8d2d06a3422628cea6a879. Any computer that has this package installed or running should be considered...
Cross-site Scripting (XSS) - Generic in frappe/charts
Description: frappe-charts is vulnerable to Cross-Site Scripting (XSS) due to an incomplete fix (https://github.com/frappe/charts/commit/d5706a501b44fce6949216b635ed6c5e785c471d). Steps To Reproduce: 1. Open the following codesandbox...
Cross-site Scripting (XSS) - Generic in frappe/charts
Description: frappe-charts is vulnerable to Cross-Site Scripting (XSS). Steps To Reproduce: 1. Open the NPM repo (https://www.npmjs.com/package/frappe-charts). 2. Open the Explore demos (https://frappe.io/charts). 3. At the bottom find the sandbox. Ref:...
GitLab: Instant open redirect on Live preview WEB Ide opening
Hello GitLab team! Asset is my own GitLab installation for Ubuntu. The issue I want to report is the lack of a sandbox attribute in the iframe pointing to codesandbox. This results in content inside the iframe redirecting the top-level window on load. How to reproduce: 1. Create index.js with the following content:...