Lucene search

9 matches found

Snyk
added 2026/05/22 2:43 a.m. · 6 views

Malicious Package

Overview: deployment-key-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 2
OSSF Malicious Packages
added 2026/05/20 10:36 p.m. · 7 views

Malicious code in deployment-key-auditor (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window (2026-05-19T03:55Z – 2026-05-21T04:31Z). All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

5.8 AI score
Exploits: 0 · References: 17
OSV
added 2026/05/20 10:36 p.m. · 3 views

MAL-2026-4206 Malicious code in deployment-key-auditor (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window (2026-05-19T03:55Z – 2026-05-21T04:31Z). All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

5.8 AI score
Exploits: 0 · References: 17
CNNVD
added 2024/04/19 12:0 a.m. · 2 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...

7.2 CVSS · 6.7 AI score · 0.00042 EPSS
Exploits: 0 · References: 4
CNNVD
added 2024/02/21 12:0 a.m. · 1 views

GitLab Access Control Error Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from an Access Control Error vulnerability that stems from a...

5.4 CVSS · 7 AI score · 0.00039 EPSS
Exploits: 0 · References: 2
CNNVD
added 2023/09/29 12:0 a.m. · 3 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from a deleted project...

4.3 CVSS · 6.9 AI score · 0.0005 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2023/06/16 12:0 a.m. · 2 views

PT-2023-19968 · Nokia · Nokia Airscale Asika Single Ran

Name of the Vulnerable Software and Affected Versions: NOKIA Airscale ASIKA Single RAN devices versions prior to 21B. Description: An issue was discovered where Nokia Single RAN commissioning procedures do not change the default SSH public/private key values that are specific to a network operator...

7 CVSS · 7.1 AI score · 0.00175 EPSS
Exploits: 4 · References: 7
CNNVD
added 2022/07/29 12:0 a.m. · 1 views

GitLab CE/EE Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE that stems from improper acces...

4.3 CVSS · 5.2 AI score · 0.00581 EPSS
Exploits: 0 · References: 5
Hacker One
added 2022/06/01 2:29 p.m. · 35 views

GitLab: CSP-bypass XSS in project settings page

Summary This javascript function is vulnerable: javascript deployKeyRowHtmlkey, isActive const isActiveClass = isActive || ''; return $key.title $sprintf 'Owned by %imagetag', imagetag: , , false, $escape key.fullname, $key.username ; It is used to render a deployment key in a dropdown item...

7 AI score
Exploits: 0