Lucene search
K

4 matches found

Snyk
Snyk
added 2026/05/22 2:43 a.m.13 views

Malicious Package

Overview credential-verification-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2025/11/11 7:44 a.m.0 views

MAL-2025-101311 Malicious code in delicious_cricket-appteadev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c844b7bb9a7b8543413bd39ad20aab37c40893ffb079b4efc22c9bb1151d6198 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
PyPA
PyPA
added 2025/09/17 12:15 p.m.11 views

PYSEC-2025-153

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...

9.3CVSS7.5AI score0.00761EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/17 11:33 a.m.4 views

CVE-2025-10157 PickleScan Bypasses Unsafe Globals Check Using Submodule Imports

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...

9.3CVSS6.5AI score0.00761EPSS
Exploits1References3
Rows per page
Query Builder