28 matches found
Malicious code in deere-ui-commonjs-shim (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a67ec4bddb1b8af04cfc08903b303377f2c20937c3b6f13287bcb450d2189a53 Any computer that has this package installed or running should be considered...
Malicious code in zkevm-commonjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f97b3c164e028fa05d0832ddbf8afc66fa090caec4d50eac611b2132c8b24925 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3266 Malicious code in zkevm-commonjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f97b3c164e028fa05d0832ddbf8afc66fa090caec4d50eac611b2132c8b24925 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-GCX4-MW62-G8WM DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
Summary We discovered a DOM Clobbering vulnerability in rollup when bundling scripts that use import.meta.url or with plugins that emit and reference asset files from code in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting XSS in web pages where scriptless...
browserify-shim 安全漏洞
browserify-shim is used by thlorenz individual developers to make CommonJS incompatible files browsable. A security vulnerability exists in browserify-shim version 3.8.15, which stems from a prototype contamination vulnerability found in the resolveShims function...
MAL-2022-5840 Malicious code in rollup-pulgin-comsonjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f51e311c145a9753f0b9cb137dddc9e3bffb27b6cb502240c2b697d2028267ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1415 Malicious code in babel-pzugin-transform-es2015-modues-commonjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f487dcb86915ec1bb46550b2f2a4b5cc2d0deb6cdabc7fb8b3ca164467e27876 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1420 Malicious code in babelllugintransformes2015modulescommonjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85a16e3db18168e71a2eeec8f9190a55ae782642089ef8b41719535a6a434a82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...