Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2018/11/01 2:47 p.m.22 views

node-tkinter is malware

The node-tkinter package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

7.5CVSS7.3AI score0.01083EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/10 5:28 p.m.21 views

mongose is malware

The mongose package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern...

7.5CVSS7.3AI score0.01239EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2018/08/29 11:19 p.m.19 views

GHSA-QJ73-V688-WQXF Hijacked Environment Variables in proxy.js

The proxy.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concer...

7.5CVSS7.6AI score0.01123EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2018/08/27 7:7 p.m.22 views

Shadowsock is malware

The shadowsock package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

7.5CVSS7.3AI score0.01123EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/08/06 9:41 p.m.10 views

GHSA-6FJR-M7V6-FPG9 jquey is malware

The jquey package is malware that attempts to discover and exfiltrate sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found jquey installed in your...

7.5CVSS7.6AI score0.01123EPSS
Exploits0References3
Rows per page
Query Builder