MAL-2026-3789 Malicious code in jenkins-forge-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3120a240b8c41b579052ef41d9ced1b143fa654155901c8ac183b99cd99b83e4 The package jenkins-forge-app was found to contain malicious code. Source: ghsa-malware...

MAL-2026-1115 Malicious code in chai-vest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b92343f543acb60949d618ec06160013b1536a63f3db5431a4e24b1eaac2ccae The package chai-vest was found to contain malicious code. Source: ghsa-malware 2d3a82ac6f8ebd7b7eba324f04e78d43fccef2f3ddf20c24014f4768dc50731d Any...

Malicious code in web3-chain-sinon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d656a8031870a05e2b7fa8dec1f3f9b9b48c3d8de3d93df42c787c139b0693a5 The package web3-chain-sinon was found to contain malicious code. Source: ghsa-malware f522ddb6d36708e509e4e4074bed2658a3a1e4101d4a45bb588e08c611cc33...

Malicious code in babel-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e9ff5d2308ea7b49b6fbf0f4e49dd88fe66d82523ae39b56d2c8ce3747e64c7 The package babel-js was found to contain malicious code. Source: ghsa-malware 971a7cbc4a8fb219a47c89b6aa15c980a6d562786f2800c575eb250f53e229e1 Any...

Malicious code in pinecone-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c597ee3d643e51ba6eca0553a77be1c79a3e5dc72d8450b09b7f405a558d2d56 The package pinecone-js was found to contain malicious code. Source: ghsa-malware 0e6ef1006a92156684ab8d3e78ab8e036d4c27f591eba5212441a68be8231a66 An...

CVE-2019-12147

The Sangoma Session Border Controller SBC 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to th...

Malicious code in typefence (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c9ac344bf18963e146d64aec1de72c3db819eb2c4356be7257ef1980555a17f The package typefence was found to contain malicious code. Source: ghsa-malware 28d8025e6d485b7679079ba265b2ed9a28c10029903c94441308121d974cbf18 Any...

EUVD-2023-38023

Malicious code in bioql PyPI...

CVE-2025-20333

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper...

Malicious code in square-crypto-utils-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c2a693727e119b7e668536dcb77730f98ba80f9bcc2b03f5bbc80f53fea74d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4821 Malicious code in csvtool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e8d9b3cadfd970dcf2392be22191a804e0b036f926807ed006b53d1542fb4ffc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in mxc-jsbridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a080d6fa2cab7be94e152a7b621f7fd9d0ce62e7a726343e61bfbdf9e676e427 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in team-portal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cf80f4dc8a828d3686ff11039376a7c45d8fcfc2424f006ac52ae528030a6547 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2019-17564

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...

Malicious code in expo-sessoion (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df1f3216c0e974fd221139390340264f652810347ffd8e432f00d398412c0058 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3112 Malicious code in payoutsapiserv-paypal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3138bfa1642d8493a633368a78332106126b9c776849c8525ab1fc491544935c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2791 Malicious code in transactions-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware add05b58536e55e9dfed5253cce6ec918d905362b9e9d30531d1a20dd39aca1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2679 Malicious code in internallib_v341 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 865726c0916807b2585990f7ea5edfefa1f6562a0ab9d319a37a67a1129338c1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in nicegirl (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05d61fc6a090b764666270f91b100bc166fbb85c0227ac947e1bdc876bc8e6a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1619 Malicious code in paypal-checkout-integration-backend-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8978fb3635d1339256e1aa90eab3f76ba33bad36f9a2ffd70d1f6fc7d60ccca8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...