1006 matches found
Malicious Package
Overview dotenv-embedded is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in dotenv-embedded (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07a4c23212d813ad58db347e1a5a152b003e1085b18036f047755d05de52fe0b The package dotenv-embedded was found to contain malicious code. Source: ghsa-malware bf0cfff747361e3a51fbd35f3018e05312b4bd030890362b89821789ab2adb5...
CVE-2025-70841
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...
Malicious Package
Overview dotenv-embed is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in dotenv-embed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bbecb8b9bb96fcd71af0764df5106d8163ccb94c21960bf858383ab85d10308 The package dotenv-embed was found to contain malicious code. Source: ghsa-malware eb5a7942b654b4da1fb16e67f19ca82b3b52c4fcce4db85e9d5596571651c6b7 A...
MAL-2026-589 Malicious code in dotenv-embed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bbecb8b9bb96fcd71af0764df5106d8163ccb94c21960bf858383ab85d10308 The package dotenv-embed was found to contain malicious code. Source: ghsa-malware eb5a7942b654b4da1fb16e67f19ca82b3b52c4fcce4db85e9d5596571651c6b7 A...
Malicious Package
Overview dotenv-expanded is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-415 Malicious code in dotenv-expanded (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9e36cd005779e12b645b7ec5f6e65df1edae7c6d86736507cd1feacec1ef7cf The package dotenv-expanded was found to contain malicious code. Source: ghsa-malware 8c545865cdbec4a05b0f51103dd3560d60c3f43b818465e4a935a47bf84078d...
EUVD-2026-3715
Malicious code in dotenv-expanded npm...
Malicious code in dotenv-expanded (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9e36cd005779e12b645b7ec5f6e65df1edae7c6d86736507cd1feacec1ef7cf The package dotenv-expanded was found to contain malicious code. Source: ghsa-malware 8c545865cdbec4a05b0f51103dd3560d60c3f43b818465e4a935a47bf84078d...
Malicious Package
Overview dotenv-intended is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in dotenv-intended (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 321eaa257985bd47bbf31b2f7ccdaef2df5b424b7b257400a48140ef6029e670 The package dotenv-intended was found to contain malicious code. Source: ghsa-malware df2195d5589f3e44d82053db7cd9ae186dfd168b35c9db8f97baa29f0c63612...
EUVD-2026-1833
Malicious code in dotenv-intended npm...
MAL-2026-174 Malicious code in dotenv-intended (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 321eaa257985bd47bbf31b2f7ccdaef2df5b424b7b257400a48140ef6029e670 The package dotenv-intended was found to contain malicious code. Source: ghsa-malware df2195d5589f3e44d82053db7cd9ae186dfd168b35c9db8f97baa29f0c63612...
Malicious code in dotenv-extend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b36b33fa03b9dafefe167d7891f649dc39ac77a18a67a25c44d0d647dd3518e9 The package dotenv-extend was found to contain malicious code. Source: ghsa-malware 7ef0bc2453e5610efd0011a08cecb1021a4d5a38aee276a269ad3185bb40925a...
EUVD-2025-204881
Malicious code in dotenv-extend npm...
Malicious Package
Overview dotenv-extend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-192743 Malicious code in dotenv-extend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b36b33fa03b9dafefe167d7891f649dc39ac77a18a67a25c44d0d647dd3518e9 The package dotenv-extend was found to contain malicious code. Source: ghsa-malware 7ef0bc2453e5610efd0011a08cecb1021a4d5a38aee276a269ad3185bb40925a...
Storybook manager bundle may expose environment variables during build
On December 11th, the Storybook team received a responsible disclosure alerting them to a potential vulnerability in certain built and published Storybooks. The vulnerability is a bug in how Storybook handles environment variables defined in a .env file, which could, in specific circumstances, le...
CVE-2025-68429 Storybook manager bundle may expose environment variables during build
Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior to versions 7.6.21, 8.6.15, 9.1.17, and 10.1.10 relates to Storybook’s handling of environment variables defined in a .env file, which could...