MAL-2025-3087 Malicious code in @bmw-fedev/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aaf1cfd96aa6434cb73b22f2e38fda0979e7847fff11c575bd67ea8e2f09c8f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3123 Malicious code in trrx (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43096da9f5184fd6d2799200367daed2ed6e9654a3731c0035479ec9d1b1bd61 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3122 Malicious code in tiktok_4d_webapp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee7b2f7d0a2a643de495f8b050981233231b51ed49c2dabb3e2de7b908b9fa7a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3107 Malicious code in my-test002-datetime-momo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a688643a119539cf494c667fdedfeb4b5373651b0296fe8252d54d72bd7e30b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3102 Malicious code in invoicelifecycle-paypal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e84b4abbc087a7b5b42ad12ecca83b68ff5f017356808e508ee32f7bfe000a1f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in nva-process-inf (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d654f39c1766e74a8a2950ae8ceb43686999ec02923d6454655c6596bd87354b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3109 Malicious code in nva-direct-showof (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6d8b4952e45ae0f21b713b389d983c27d4b09a8410a0416bfd8efb2b2923ff02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Missing Authorization

Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Missing Authorization in the doCreateItem method. A user with Computer/Create permission can copy an agent and thereby access its configuration. Remediation Upgrade...

GHSA-WR6W-JXG7-QPFH Jenkins Missing Permission Check

Jenkins 2.503 and earlier, LTS 2.492.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration. This is due to an...

GHSA-565R-PF5Q-45V6 Jenkins Missing Permission Check

Jenkins 2.503 and earlier, LTS 2.492.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration. Jenkins 2.504, LTS 2.492.3 require...

CVE-2025-31721

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration...

CVE-2025-31720

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration...

MAL-2025-3056 Malicious code in @hongfangze/three-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ce552b8f15a3e5d94a92d9b3cb42e8cfe7f681bf36a3018cd02afd29436900d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @hongfangze/calc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 62ce8da37d7e1e8677cceb4a5db36f031470df22a7996162be8d54154076796a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @hongfangze/computer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f193d733695d36780af7e894963ab02c1590dba0234fd30623aa2ff3408b552d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @hongfangze/filestream (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb8918dc757e8560ab3e6a414e7ce77f963e8f5a199d1b274ff4a402aabb9751 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @hongfangze/guid (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd7220c6bb13c845faf097d4684a1e9ebf6bf2d825956bd8f565b996a804a193 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3037 Malicious code in @hongfangze/convert (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 58a6ee6ea5b224ab24892e45f1a473b53c5fa5cf89b93c73a62688b2790eb9c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3033 Malicious code in @hongfangze/array (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f960dc6274e7bc128da9e089382bd14d47a6e944b250dbc6a53b2f4a17cce5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3044 Malicious code in @hongfangze/guid (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd7220c6bb13c845faf097d4684a1e9ebf6bf2d825956bd8f565b996a804a193 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...