21 matches found
Malicious Package
Overview docusaurus-plugin-launchdarkly is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...
MAL-2026-735 Malicious code in docusaurus-plugin-launchdarkly (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e875ce6b5b0d95c7100cdba68bed891c712b414716f07147e6a3f04f4f9b4789 The package docusaurus-plugin-launchdarkly was found to contain malicious code. Source: ghsa-malware...
Malicious code in docusaurus-plugin-launchdarkly (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e875ce6b5b0d95c7100cdba68bed891c712b414716f07147e6a3f04f4f9b4789 The package docusaurus-plugin-launchdarkly was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190956 Malicious code in docusaurus-plugin-vanilla-extract (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2659e389b89fcdf1fe723b544962764d4f2881cae9694dc4107fbbb4ec077328 The package docusaurus-plugin-vanilla-extract was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199087
Malicious code in docusaurus-plugin-vanilla-extract npm...
Malicious code in docusaurus-plugin-vanilla-extract (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2659e389b89fcdf1fe723b544962764d4f2881cae9694dc4107fbbb4ec077328 The package docusaurus-plugin-vanilla-extract was found to contain malicious code. Source: ghsa-malware...
MAL-2025-141671 Malicious code in docusaurus-optimize-css-assets-webpack-plugin-vortex-json (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fdaf001656f0e8395e386cb55cbb4a6a0e6fbc5feece1f143c58a49d9e4aa760 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-114443
Malicious code in docusaurus-html-webpack-plugin-jovian-geckodriver npm...
GHSA-QF34-QPR4-5PPH docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
GitHub Personal Access Token Exposure in docusaurus-plugin-content-gists Summary docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for...
CVE-2025-53624
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...
CVE-2025-53624 docusaurus-plugin-content-gists Exposes GitHub Personal Access Token
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...
CVE-2025-53624 docusaurus-plugin-content-gists Exposes GitHub Personal Access Token
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...
PT-2025-28964 · Unknown · Docusaurus-Plugin-Content-Gists
Name of the Vulnerable Software and Affected Versions: docusaurus-plugin-content-gists versions prior to 4.0.0 Description: The Docusaurus gists plugin displays public gists of a GitHub user on a Docusaurus instance. Versions prior to 4.0.0 inadvertently include GitHub Personal Access Tokens in...
MAL-2023-8611 Malicious code in docusaurus-plugin-matamohnhb (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0b5b41d16d3e36f98cc25eaf6597bab9798a9b8838ff2e483cc58768a151188 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in docusaurus-plugin-matamohnhb (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0b5b41d16d3e36f98cc25eaf6597bab9798a9b8838ff2e483cc58768a151188 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8610 Malicious code in docusaurus-plugin-matamoh (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2587fce317c90b4371750f6dc2bd4c7d9ea86770d868b63eabf68afc96029c02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in docusaurus-plugin-matamoh (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2587fce317c90b4371750f6dc2bd4c7d9ea86770d868b63eabf68afc96029c02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in docusaurus-plugin-matamo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 28359b531d33ddceeca08244c1765d683b6b9256b420d2ffd6e6bac9e3ed8f3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1010 Malicious code in docusaurus-plugin-matamo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 28359b531d33ddceeca08244c1765d683b6b9256b420d2ffd6e6bac9e3ed8f3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2553 Malicious code in docusaurus-plugin-name (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 232063f9bf78828e30e0c8bb7374c02a90b0a6bf29118093c955b5412deadddf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...