browser-interaction-time-demo (=99.9.9) potentially affected by unknown CVE via browser-interaction-time-utils (=1.0.0)

browser-interaction-time-utils NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on browser-interaction-time-utils and may be impacted: - browser-interaction-time-demo =99.9.9 Source cves: unknown CVE Source advisory:...

browser-interaction-time-demo (=99.9.9) potentially affected by unknown CVE via browser-interaction-time-utils (=1.0.0)

browser-interaction-time-utils NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on browser-interaction-time-utils and may be impacted: - browser-interaction-time-demo =99.9.9 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3786...

MAL-2026-1196 Malicious code in demo-ip-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94f9378de5524843952c850c47aae7cc5373145c2b41032b764da720e9a0656f The package demo-ip-package was found to contain malicious code. Source: ghsa-malware 9377708b245cac5b751ac6dc75d9218b993bcb4cebed6f2049a542868f5df31...

MAL-2025-191523 Malicious code in privy-frames-v2-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50804c5abc715a96e6683f67c970ed8e06d949cce42d57ac7d8754c9633ad685 The package privy-frames-v2-demo was found to contain malicious code...

EUVD-2025-200046

Malicious code in privy-frames-v2-demo npm...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Malicious code in ros2-demo-py (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in my-first-pypi-demo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f789a8192ed7a62a0fa9327e495ac8ca2658ff556673ca8d207f7954204ec160 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-27842 Malicious code in npm-script-demo (npm)

The package npm-script-demo was found to contain malicious code...

Malicious code in api-shoppe-demo (npm)

The package api-shoppe-demo was found to contain malicious code...

Malicious code in so-demo (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in standard-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 28c17ceaf11f4d1d42e7dc07cb7ff6aa720f72bace56df5ec29fa3ac3368a514 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2711 Malicious code in standard-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 28c17ceaf11f4d1d42e7dc07cb7ff6aa720f72bace56df5ec29fa3ac3368a514 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-11880 Malicious code in shoaib-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis fb95e309abd17903fc4f82a78f56fa78a8e2e46cfa345d7356ed4a19c38c74f7 The OpenSSF Package Analysis project identified 'shoaib-demo' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in ory-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97e67d3893cb4ea477e80d85d47524af218e6579c6e04ed4037580b05b45060d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in meteor-uploadcare-widget-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 524e985710633866c8a77431e4ded18aa911c225db74bb40da3457894383be3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview kol-demo is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

bleve 安全漏洞

bleve is a modern text indexing library for Go. A security vulnerability exists in bleve versions after v0.1.0, which stems from the fact that the bleve/http package, which is primarily used for demonstration purposes, lacks exhaustive validation of user input as well as any authentication and...