Malicious code in expo-config-plugin-typescript (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b958f45e161e1906f12ed405d9d55379fea59c26416698f3ee264080de98a140 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4314 Malicious code in expo-config-plugin-typescript (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b958f45e161e1906f12ed405d9d55379fea59c26416698f3ee264080de98a140 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview expo-config-plugin-typescript is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2025-188309 Malicious code in node-config-phoenix-regulus-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d81c361ada3f219c47cdd46b1840251c77fe413829cd1bb0a4c630ac731f915 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-5960 Malicious code in tailwind-config-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6be9b05ac20a95e479566e244cf4bea92aa77281b365a4deea26727c50e08597 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in tailwind-config-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6be9b05ac20a95e479566e244cf4bea92aa77281b365a4deea26727c50e08597 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2023-41933

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

Jenkins plugins Multiple Vulnerabilities (2022-12-07)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. CVE-2022-46682 - Jenki...

Cross-site Scripting in Jenkins Spring Config Plugin

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names. Spring Config Plugin 2.0.1 escapes build display names show...

GHSA-3RRX-364R-6WF6 Cross-site Scripting in Jenkins Spring Config Plugin

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names. Spring Config Plugin 2.0.1 escapes build display names show...

CVE-2022-46687

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names...

CVE-2022-46687

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names...

Cross site scripting

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names...

CVE-2022-46687

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names...

CVE-2022-46687

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names...

CVE-2022-46687

CVE-2022-46687 affects Jenkins Spring Config Plugin 2.0.0 and earlier. The vulnerability arises because build display names shown in the Spring Config view are not escaped, causing stored XSS when an attacker can modify those names. Affected versions: 2.0.0 and earlier. Mitigation: upgrade to 2.0...