Lucene search
K

1006 matches found

Snyk
Snyk
added 2026/02/04 5:11 a.m.1 views

Malicious Package

Overview dotenv-embedded is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/04 5:11 a.m.13 views

Malicious code in dotenv-embedded (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07a4c23212d813ad58db347e1a5a152b003e1085b18036f047755d05de52fe0b The package dotenv-embedded was found to contain malicious code. Source: ghsa-malware bf0cfff747361e3a51fbd35f3018e05312b4bd030890362b89821789ab2adb5...

5.4AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 12:0 a.m.4 views

CVE-2025-70841

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...

10CVSS5.5AI score0.00383EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/28 2:56 p.m.3 views

Malicious Package

Overview dotenv-embed is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/28 2:56 p.m.9 views

Malicious code in dotenv-embed (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bbecb8b9bb96fcd71af0764df5106d8163ccb94c21960bf858383ab85d10308 The package dotenv-embed was found to contain malicious code. Source: ghsa-malware eb5a7942b654b4da1fb16e67f19ca82b3b52c4fcce4db85e9d5596571651c6b7 A...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/01/28 2:56 p.m.6 views

MAL-2026-589 Malicious code in dotenv-embed (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bbecb8b9bb96fcd71af0764df5106d8163ccb94c21960bf858383ab85d10308 The package dotenv-embed was found to contain malicious code. Source: ghsa-malware eb5a7942b654b4da1fb16e67f19ca82b3b52c4fcce4db85e9d5596571651c6b7 A...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/01/21 4:51 a.m.2 views

Malicious Package

Overview dotenv-expanded is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
OSV
OSV
added 2026/01/21 4:51 a.m.4 views

MAL-2026-415 Malicious code in dotenv-expanded (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9e36cd005779e12b645b7ec5f6e65df1edae7c6d86736507cd1feacec1ef7cf The package dotenv-expanded was found to contain malicious code. Source: ghsa-malware 8c545865cdbec4a05b0f51103dd3560d60c3f43b818465e4a935a47bf84078d...

5.5AI score
Exploits0References1
EUVD
EUVD
added 2026/01/21 4:51 a.m.8 views

EUVD-2026-3715

Malicious code in dotenv-expanded npm...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/21 4:51 a.m.10 views

Malicious code in dotenv-expanded (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9e36cd005779e12b645b7ec5f6e65df1edae7c6d86736507cd1feacec1ef7cf The package dotenv-expanded was found to contain malicious code. Source: ghsa-malware 8c545865cdbec4a05b0f51103dd3560d60c3f43b818465e4a935a47bf84078d...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/01/09 2:55 a.m.1 views

Malicious Package

Overview dotenv-intended is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/09 2:55 a.m.9 views

Malicious code in dotenv-intended (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 321eaa257985bd47bbf31b2f7ccdaef2df5b424b7b257400a48140ef6029e670 The package dotenv-intended was found to contain malicious code. Source: ghsa-malware df2195d5589f3e44d82053db7cd9ae186dfd168b35c9db8f97baa29f0c63612...

6.9AI score
Exploits0References1
EUVD
EUVD
added 2026/01/09 2:55 a.m.6 views

EUVD-2026-1833

Malicious code in dotenv-intended npm...

6.6AI score
Exploits0References1
OSV
OSV
added 2026/01/09 2:55 a.m.8 views

MAL-2026-174 Malicious code in dotenv-intended (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 321eaa257985bd47bbf31b2f7ccdaef2df5b424b7b257400a48140ef6029e670 The package dotenv-intended was found to contain malicious code. Source: ghsa-malware df2195d5589f3e44d82053db7cd9ae186dfd168b35c9db8f97baa29f0c63612...

6.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/12/23 4:58 p.m.5 views

Malicious code in dotenv-extend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b36b33fa03b9dafefe167d7891f649dc39ac77a18a67a25c44d0d647dd3518e9 The package dotenv-extend was found to contain malicious code. Source: ghsa-malware 7ef0bc2453e5610efd0011a08cecb1021a4d5a38aee276a269ad3185bb40925a...

6.9AI score
Exploits0References1
EUVD
EUVD
added 2025/12/23 4:58 p.m.3 views

EUVD-2025-204881

Malicious code in dotenv-extend npm...

6.6AI score
Exploits0References1
Snyk
Snyk
added 2025/12/23 4:58 p.m.1 views

Malicious Package

Overview dotenv-extend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2025/12/23 4:58 p.m.3 views

MAL-2025-192743 Malicious code in dotenv-extend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b36b33fa03b9dafefe167d7891f649dc39ac77a18a67a25c44d0d647dd3518e9 The package dotenv-extend was found to contain malicious code. Source: ghsa-malware 7ef0bc2453e5610efd0011a08cecb1021a4d5a38aee276a269ad3185bb40925a...

6.8AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/12/18 6:49 p.m.7 views

Storybook manager bundle may expose environment variables during build

On December 11th, the Storybook team received a responsible disclosure alerting them to a potential vulnerability in certain built and published Storybooks. The vulnerability is a bug in how Storybook handles environment variables defined in a .env file, which could, in specific circumstances, le...

7.3CVSS6.4AI score0.00235EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/12/17 10:26 p.m.6 views

CVE-2025-68429 Storybook manager bundle may expose environment variables during build

Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior to versions 7.6.21, 8.6.15, 9.1.17, and 10.1.10 relates to Storybook’s handling of environment variables defined in a .env file, which could...

7.3CVSS6.3AI score0.00235EPSS
Exploits0References4
Rows per page
Query Builder