9 matches found
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Malicious code in @dtpk-cc/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0b1e4b6fe7f3d42a2752aea1642dd9191f6afeb4dcca96ef97a65b5af5cb192 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-14188 Malicious code in airbnb-es5 (npm)
The package airbnb-es5 was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 8210336cb16ae6428e936268a05b3f57769d39cfc48cbe662870575dc1faf80b This package installs a dependency hosted on a custom domain that runs an info...
Jenkins plugin Xooa Security Vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is application software: an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...
A vulnerability in the adminPushRules function of the Project-level Deploy Token Handler component of GitLab, a Git-based software platform for collaborative code development. This vulnerability allows a malicious user to create deployment tokens at the project level.
The vulnerability in the adminPushRules function of the Project-level Deploy Token Handler component of GitLab, a Git-based software platform for collaborative code development, is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to crea...
GitLab CE/EE Security Vulnerabilities
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab CE/EE version 17.0 up to and includi...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab CE/EE versions 14.2 through 15.2.5,...
Pterodactyl Cross-Site Request Forgery Vulnerability
Pterodactyl is an open source game server management panel built using PHP, Node.js and Go. A cross-site request forgery vulnerability exists in Pterodactyl, which stems from the lack of proper CSRF protection in the product's routing configuration. An attacker could exploit the vulnerability to...
GitLab Authorization Issues Vulnerability (CNVD-2020-57832)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab versions prior ...