3437 matches found
Malicious code in n8n-nodes-xkwqpzrt-jmflhvbn-dsyocgxwmkelpt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9aa71b86b24db0a3a609b749d0b80b7868fa8adac9950d7898460f643ecf14c The package n8n-nodes-xkwqpzrt-jmflhvbn-dsyocgxwmkelpt was found to contain malicious code. Source: ghsa-malware...
Malicious code in mapkit-example-vue (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a99b2a1b5d1181c18ff26056481018d107fc6fc38df563e0d7fba6aa44b7cd51 The package mapkit-example-vue was found to contain malicious code. Source: ghsa-malware...
Malicious code in overstock-jenkins (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da8c5441a7b9b1ad7193650b05275dc85626691e1fa1f04bb0f21783fa75673c The package overstock-jenkins was found to contain malicious code. Source: ghsa-malware...
Malicious code in aws-crt-nodejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82067e17b63298c1e09a6b616010b7a8ebf7f607510795f98428f8e5305994ab The package aws-crt-nodejs was found to contain malicious code. Source: ghsa-malware 40ddba391f5ca6a4fa75fe5e5440dfd1f57833b391d8db3c2e5918aef284a294...
Malicious code in oce-validate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cc6b17601336bdff3872b33d794187edf7b7a3779e96d01d0eb1081e043ecf5 The package oce-validate was found to contain malicious code. Source: ghsa-malware 4e0413e75c3bcfe39d1a45db99c6ac3968db6c708667e30eb88879f9fd483331 A...
MAL-2026-410 Malicious code in clerk-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 380b4e8d88a5d8a96ffe344566787326dbace52224d29a853cd4553fac40bd1c The package clerk-js was found to contain malicious code. Source: ghsa-malware 2433ecd39bbf328a21740fa34f33bb09d575e76f6f280b915c7ea15fbc55c2b3 Any...
MAL-2026-386 Malicious code in chai-chain-async (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3340d37485bf0cbe47f2378b96588e8afadc83635bef93d108730ea72ab8f78 The package chai-chain-async was found to contain malicious code. Source: ghsa-malware a3404961b3edc416f501bf5ec175f0bbb95a188e9f1210305c9e37783e6265...
MAL-2026-381 Malicious code in @mikudev/beles (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8f3ea49ac3a40f6d28d2ebc50e1ef196be3d37c05e88065ad5a537d0dd88d75 The package @mikudev/beles was found to contain malicious code. Source: ghsa-malware 6dee4521aa58cbf67cc78b5a73b5d991fc017469415884ca3286fb252743f2a7...
Malicious code in torbaileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10e4b08c935365c992a67e45fd75888de1262836188ca5a0246ba4bae988b713 The package torbaileys was found to contain malicious code. Source: ghsa-malware 477238eba8ca0f2c24ebb88b73089608a73fdc363b248e404b66acc829c0777d Any...
Malicious code in genki-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e636da349bfd5c22a704e2651968ebd55878349304e3f3d69904853a440aa407 The package genki-analytics was found to contain malicious code. Source: ghsa-malware 791197b134fc48f105a6db2a597a13ea389bd70b75daa689a891a96ba1d251e...
Malicious code in recaptcha-cors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79037ac310e3ba605ade8d6657ea9fd4d8261583079397795e7afccbf432a4fd The package recaptcha-cors was found to contain malicious code. Source: ghsa-malware 4936a94d5d7ed5509cecba8ba4b13b5d37ff1f114318c83e868dc6e5627818be...
MAL-2026-394 Malicious code in n8n-nodes-zl-vietts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2958734e09db17aba6589bb89622305f26fc83a16d475018b5ae88b694b9e4c The package n8n-nodes-zl-vietts was found to contain malicious code. Source: ghsa-malware...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
Malicious code in mised-discordjs-selfbot-v14 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ef4b873f610d33783310bfb03753678bb9d0d93412063a29521d960c64c2af2 The package mised-discordjs-selfbot-v14 was found to contain malicious code. Source: ghsa-malware...
MAL-2026-363 Malicious code in pl-global-ec-uikit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 327cc69fee3f2500a3cf23d3c917935d3d7db124d0b7f3c136fead2f1d69f093 The package pl-global-ec-uikit was found to contain malicious code. Source: ghsa-malware...
MAL-2026-366 Malicious code in testing-package-bose (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf9cef522b7a8b6ce59335bbac80dcc488adedcd397bbc6b1e12816b4c54d170 The package testing-package-bose was found to contain malicious code. Source: ghsa-malware...
MAL-2026-355 Malicious code in dux-portal-privacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0778d9354ebf0d92914de85f6574e0a28cb68ad89214b500706673ac9f20c4a7 The package dux-portal-privacy was found to contain malicious code. Source: ghsa-malware...
PT-2026-3642
Name of the Vulnerable Software and Affected Versions Hotwired Turbo versions prior to 8.0.0 Description A race condition exists in the turbo-frame element handler. This issue can cause logout operations to fail when delayed frame responses reapply session cookies after a user has logged out...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
MAL-2026-337 Malicious code in chai-as-executed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39509cc9cca91e97ff74a0dbb0eb902c89e3736a5b96e6412d9334c70b1c315f The package chai-as-executed was found to contain malicious code. Source: ghsa-malware 29af27b0f184fca142866657489c6ea7170b3774985d5293e7136f1ae4f623...