50 matches found
GO-2025-3810 Chall-Manager's scenario decoding process does not check for zip bombs in github.com/ctfer-io/chall-manager
Chall-Manager's scenario decoding process does not check for zip bombs in github.com/ctfer-io/chall-manager...
MAL-2025-5897 Malicious code in bk-card-cc-credit-limit-adjustment-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 839ee8572e063e7008de9939f5e66afdb87eb4083735168ee48b739ed54814d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-FV92-FJC5-JJ9H vulnerabilities
Vulnerabilities for packages: tkn, jaeger, argo-events, gcsfuse, dataplaneapi, swagger, goreleaser, terraform-mcp-server, cluster-api, conftest, falcoctl, harbor-cli, thanos, flux-source-controller, terraform-provider-acme, tflint, pgtimetable, golangci-lint, trivy, boring-registry, docker-compos...
CVE-2024-51483
changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Version 0.47.5 fixes the...
MAL-2025-4373 Malicious code in mbm-dgacha (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 584950211093c6cada6fd340d94a5749b3ee5e10049a6d57b9d3f1c494050fa1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3993 Malicious code in foobarzazarazrarzarzararararara (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0cf0fab44a3abede823198bb1ae9cbb097566d6be7f51ec3168416a38e652681 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3872 Malicious code in arcademathjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 655da6e51b197ee6dc274cd7147f0488c545a7d83eb4626f78bacdd3d57d482b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3827 Malicious code in ethers-xdc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1291aba3d0c0f6309af00246cdf38a846604fabf82d9cc352bf51f42517b0e20 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3698 Malicious code in substrate-faucet (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c694048c1a8c1f3c9b8f183f75e0a9464e084cdaa8fc58c9a770190c4ab4824a Any computer that has this package installed or running should be considered...
MAL-2025-3561 Malicious code in customprefix-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af67fc99b5f6993bf42c27c8c407c6bee3e97d0f412d03ab30533470b86339d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3511 Malicious code in test-kaks3c (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 591289fef82efe1b6a54e8948561a76e1e42addd4e1b62fe61364c894640b6b9 The OpenSSF Package Analysis project identified 'test-kaks3c' @ 10.0.4 npm as malicious. It is considered malicious because: - The package...
MAL-2025-3166 Malicious code in stormapp765 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 04a681db538ae851a3f840e7771e9cfbf20b575dbe1f061c22a0d00e4b9b333c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3099 Malicious code in fivethirtyeight (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d85a317f633c161ef61f2ffd3d0cda992cf670bd7532a2ce875261ba067a39d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2885 Malicious code in loggercompanyab57ty (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-2690 Malicious code in miro-terms-banner-s3-uploader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 03f414cb9ba131f7c282fb402bda0fd181018874345ee729525f90005f100e4e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2632 Malicious code in @sensort/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea8b1441ce3b2e9b979e7562567a2633263870f02bd46c47cb35aa404908f26a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2358 Malicious code in airbnb-jitney-schemas (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d76706b4f731a72f676dcad6dd407e8944420bf6d13444362341eceb7adbac2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2312 Malicious code in expect-violations (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d98ae6c06bd6b1cd2115956a382b7cdd4a1901560535df9f8284ef29cb6a4550 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2172 Malicious code in fdc3-web-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ea3a43ef3e6b3ef461c23614ec97c2fdcb96b58abeac841b4ea929bbab9d2d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2110 Malicious code in latoken-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63cdcfe3b15d2c174d58b54998cf056643085f18de21eda41bd23e4cc3bed7a7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...