19 matches found
Malicious Package
Overview @t-in-one/applicationidstoragekeytoken is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...
Malicious code in do-not-install-this-package-002 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dc0f1ed2645f37e4b8df59ccca64288a02f6cc07009489c54565dfc5b0089f19 During installation, the package exfiltrates env variables and data from different process memory to a remote location --- Category: MALICIOUS - The campaign h...
EUVD-2026-1619
Malicious code in do-not-install-this-package-002 PyPI...
MAL-2026-163 Malicious code in do-not-install-this-package-002 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dc0f1ed2645f37e4b8df59ccca64288a02f6cc07009489c54565dfc5b0089f19 During installation, the package exfiltrates env variables and data from different process memory to a remote location --- Category: MALICIOUS - The campaign h...
MAL-2025-192387 Malicious code in do-not-install-this-package-001 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 27c17335ba5378258efc5d22274e8104e45a493eec51d60d0adbeb9c4f627714 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...
EUVD-2025-201914
Malicious code in do-not-install-this-package-001 PyPI...
Malicious Package
Overview orvlllcj is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Do Not Install Python 2
The EOL for Python 2 was reached on January 1, 2020, and there will be no updates and maintenance. If you continue to use Python 2, the system attack surface may be expanded, and system vulnerabilities and attack risks may increase. Therefore, do not use Python 2. If Python is required, you are...
Malicious code in malicious-do-not-install (npm)
The package malicious-do-not-install was found to contain malicious code...
MAL-2025-25806 Malicious code in malicious-do-not-install (npm)
The package malicious-do-not-install was found to contain malicious code...
Do Not Enable the LDAP Service
Lightweight Directory Access Protocol LDAP is a protocol that provides access control and is used to maintain distributed directory information. The LDAP service increases system resource usage and expands the attack surface. If the LDAP service is not required, do not install the LDAP service. T...
Do Not Install Network Sniffing Tools
If network sniffing tools exist in the production environment, attackers may use them for network analysis and attacks. Therefore, in the production environment, do not install network sniffing, packet capturing, or analysis tools, such as tcpdump, Ethereal, and Wireshark. SPDX-FileCopyrightText:...
Do Not Install the FTP Client
File Transfer Protocol FTP is used for file transfer between a Linux server and other servers, desktop systems, as well as terminal devices. FTP does not support encrypted transmission. As a result, data can be easily stolen by attackers during transmission. Therefore, do not install FTP clients ...
Do Not Install the rsync Service
The rsync service can synchronize data between servers or between local drive partitions. However, information leakage risks exist because rsync uses non-encrypted transmission protocols. If the rsync service is enabled and data is transmitted between servers over the network, attackers can...
Malicious code in do-not-install-ecb1029ca (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9587 Malicious code in do-not-install-ecb1029ca (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in @eb1a3227cdc3fedbaec2fe38bf6c044a/do-not-install (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bdcabc89fbe9445cec97807348daae0666fd0917642c57162147d5df81333a88 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-GC94-6W89-HPQR Command Injection in fs-path
All versions of fs-path are vulnerable to command injection is unsanitized user input is passed in. Recommendation No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available...
GHSA-7JFH-2XC9-CCV7 Cross-Site Scripting in public
All versions of public are vulnerable to stored cross-site scripting XSS. Recommendation No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time...