MAL-2026-1516 Malicious code in es6-recommended (npm)

The package 'es6-recommended' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in es6-recommended (npm)

The package 'es6-recommended' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

EUVD-2026-1374

Malicious code in sort-imports-es6-autofix npm...

MAL-2025-17124 Malicious code in client-hooks-eslint-es6 (npm)

The package client-hooks-eslint-es6 was found to contain malicious code...

MAL-2025-22050 Malicious code in gulp-es6-browserfy-boilerplate (npm)

The package gulp-es6-browserfy-boilerplate was found to contain malicious code...

Malicious code in es6-module-package (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ba0c43a1f7b9408d4c635c3862281a3d3c970336ed789bd8a02920546e626da Any computer that has this package installed or running should be considered...

CryptoES Security Vulnerability

CryptoES is a library of cryptographic algorithms compatible with ES6 and TypeScript. A security vulnerability exists in CryptoES that stems from the use of an insecure cryptographic hash algorithm...

Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS mJS: Restricted JavaScript engine...

PT-2022-10233 · Mjs · Mjs

Name of the Vulnerable Software and Affected Versions: mjs affected versions not specified Description: An issue was discovered in mjs, a Restricted JavaScript engine, affecting ES6 JavaScript version 6. The problem lies in memory leaks within the frozen cb function in mjs.c. Recommendations: At...

Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS mJS: Restricted JavaScript engine...

Cesanta MJS 代码问题漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS mJS: Restricted JavaScript engine...

UBUNTU-CVE-2015-4478

Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method...