9 matches found
Malicious code in vite-config-optimizer (npm)
Source: amazon-inspector f824c077d7d2705d17dc29eba9a24ea8b51b93785bcf83fdfe639fc8f9bc581f. package.json declares a postinstall hook `node -e "require('./loader.js')"` that auto-executes on every npm install. loader.js spawns a detached child No...
MAL-2026-5727 Malicious code in vite-config-optimizer (npm)
Source: amazon-inspector f824c077d7d2705d17dc29eba9a24ea8b51b93785bcf83fdfe639fc8f9bc581f. package.json declares a postinstall hook `node -e "require('./loader.js')"` that auto-executes on every npm install. loader.js spawns a detached child No...
Malicious code in pyxis-config-eslint-plugin-exec (npm)
Source: amazon-inspector 9039999becb8512da6baec8c9a9785c430ce5c276938dacaed4906dcbcde51d6. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2022-4612
Malicious code in bioql PyPI...
EUVD-2022-2644
Malicious code in bioql PyPI...
Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to change the contents of the Topaz Workbench CLI home directory on agents to have Jenkins parse a crafted file that uses...
CVE-2022-41226
CVE-2022-41226 affects Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier. The connected sources confirm the root cause is that the plugin’s XML parser is not configured to mitigate XML External Entity (XXE) attacks. This can enable XXE in parsing XML data, with the documented impli...
Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin
Configuration as Code Plugin logs the changes it applies to the Jenkins system log. Secrets such as passwords should be masked, i.e. replaced with asterisks, in that log to prevent accidental disclosure. Configuration as Code Plugin inspects the type and looks for a field, getter, or constructor...
CVE-2020-2311
The vulnerability CVE-2020-2311 affects Jenkins AWS Global Configuration Plugin (versions 1.5 and earlier). The root cause is a missing permission check in an HTTP endpoint that processes form submissions, enabling attackers with Overall/Read permission to replace the global AWS configuration. Im...