MAL-2025-1062 Malicious code in aptos-cctp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b6cd02da8fc37ab7c63f1d8889bff2a948798c518d8d3ba61554aacbfa61546 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1056 Malicious code in action-doctl (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c01cc18428c5e64e38347a9be7579cecbcafbaeec2cf75f6a004d40f036f2911 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

The vulnerability of the SCSI component in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the SCSI component in the Linux operating system is related to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the SCSI component in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the SCSI component in the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...

Malicious code in magic-enum (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 598b85d2cd40d3abeef6fd8285d482735da83dc1711554425a6923673d7698e6 Any computer that has this package installed or running should be considered...

Malicious code in nodejs-paypal-checkout-demo (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 909c8505097e7b62c38bde6c75bb0ba8516f566136ec093b913944bcbdd1130e Any computer that has this package installed or running should be considered...

Malicious code in node-telegram-sdk (npm)

This package adds the attacker's public SSH key to the user's authorizedkeys file, creating a backdoor. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64fa53b655e6444ccce46488f04d3dcf7f427354b64c286c652de18e947c2c74 Any computer that has this package installed or...

Malicious code in @zohaib2121/dtapp (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27f5d74d5d130aff4fd7d231b3d9cd57faedebb2a8cc7f462d33e36d00764d50 Any computer that has this package installed or running should be considered...

CVE-2025-23045

CVE-2025-23045 affects Computer Vision Annotation Tool (CVAT). An attacker with an account on an affected CVAT instance can execute arbitrary code in the Nuclio function container via serverless tracker functions (TransT and SiamMask); deployments with custom tracker functions may also be affecte...

Malicious code in compound-protocol (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af5d6716f9bf59535bb198a6a0def45229c19613577dde244bb2a4562790b3db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Computer Vision Annotation Tool 代码问题漏洞

Computer Vision Annotation Tool CVAT is a cvat.ai open source interactive video and image annotation tool for computer vision. A code issue vulnerability exists in Computer Vision Annotation Tool that originates when running certain types of serverless functions, which could allow an attacker to...

PT-2025-4790 · Nuclio +1 · Nuclio +1

Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions prior to 2.26.0 Description: The issue allows an attacker with an account on an affected CVAT instance to run arbitrary code in the context of the Nuclio function container. This affects CVAT...

MAL-2025-582 Malicious code in web3-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f572ff12e76b413beb79e843e9a403a5708b245f9f7ba85d18119e1074bf4fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-581 Malicious code in upm-npm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 341ba142a6dcaf4029799486f0a64c804e100355a19884e84ed35e73dec44f6a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in com.unity.test.metadata-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 703b2d3b91d7b6130d1e2d95312b0f80ca094abe683340c79b3b3ca0dbc84423 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-568 Malicious code in com.unity.test.metadata-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 703b2d3b91d7b6130d1e2d95312b0f80ca094abe683340c79b3b3ca0dbc84423 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in lexical-esm-nextjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 808bb38341306bbd08d655abd9928c5cf279412658db15774579d78f195f5a39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-578 Malicious code in ig-sonar-runner (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 678d2f9e7e569b552fb1c7141755f6c84ec21e62122d3167be78aca0bd1ee2e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-577 Malicious code in ig-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 379d23f2972b694bbd86df7bfb1e700877bcb3762383582507d752113bbb3eb9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-567 Malicious code in airbnb-user (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f07949285a0d1add8d97f855b50c15882889463a482eb03f4ea66453dfcb601f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...