Lucene search
K

938 matches found

Snyk
Snyk
added 2026/05/22 2:43 a.m.15 views

Malicious Package

Overview python-env-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/22 2:42 a.m.9 views

Malicious Package

Overview env-security-scanner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/22 2:42 a.m.12 views

Malicious Package

Overview defi-env-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/22 2:42 a.m.7 views

MAL-2026-4238 Malicious code in env-security-scanner (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dac5f39ed612b7e8d1796ce2d805972734f22bb8bb706fd2a703834cba20f0ea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/22 1:53 a.m.8 views

MAL-2026-4246 Malicious code in python-env-auditor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32ffd6ffbc7ab684cc6bd3dbbd29d4bb608f07ea2b9d2ffd460e95a279824699 Package fetches and executes a mutable, unpinned third-party npm package env-security-scanner@latest on every install and on every Python import. The...

6.2AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/20 3:35 p.m.5 views

org.apache.camel.k:camel-k-itests-knative (>=1.14.0 <=3.2.3), org.apache.camel.k:camel-k-itests-knative-consumer (>=1.14.0 <=3.2.3) +32 more potentially affected by CVE-2026-47323 via org.apache.camel:camel-knative (>=3.18.0 <=4.14.5)

org.apache.camel:camel-knative MAVEN version =3.18.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.15.2 and more Source cves: CVE-2026-47323 Source advisory:...

9.8CVSS5.5AI score0.01425EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 4:53 a.m.11 views

Malicious code in security-env-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf2b538ca6f5582ba25c054253f091eacca05571066d7237d6f693f23938e37c Package impersonates the popular dotenv library identical description and repo URL git://github.com/motdotla/dotenv.git and exposes a matching config...

5.7AI score
Exploits0References2
OSV
OSV
added 2026/05/20 4:53 a.m.7 views

MAL-2026-4665 Malicious code in security-env-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf2b538ca6f5582ba25c054253f091eacca05571066d7237d6f693f23938e37c Package impersonates the popular dotenv library identical description and repo URL git://github.com/motdotla/dotenv.git and exposes a matching config...

5.7AI score
Exploits0References2
CVE
CVE
added 2026/05/20 12:45 a.m.18 views

CVE-2026-45232

Rsync

3.7CVSS5.8AI score0.00337EPSS
Exploits0References3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 6:5 p.m.17 views

Malicious code in @shadanai/openclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0e2f02ab1bb3d99de1787ed7d69f1df97bd3b2d7c18cc8ba4e5f8688f649ce9 On npm install, scripts/postinstall.mjs performs several installer-harm actions. 1 Backdoor: writes /.openclaw/openclaw.json configuring a local...

6.2AI score
Exploits0References3
Snyk
Snyk
added 2026/05/18 9:10 a.m.8 views

Malicious Package

Overview safe-env-reader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/18 9:10 a.m.7 views

MAL-2026-3825 Malicious code in safe-env-reader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad60c5cf4596544e0850900c3340d21c5fec76024a063c057b8b935b02366d4d The package safe-env-reader was found to contain malicious code. Source: ghsa-malware 8fc3e1ef0bee11b2c0e5cb99d3c821492232db6c715fd90cde09c74aa86b926...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/05/18 9:10 a.m.9 views

Malicious Package

Overview secure-env-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/18 9:10 a.m.12 views

Malicious code in secure-env-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fb7787215b2967bfcddab47d96770b6d2ec2e1328ea2ef789e003aa53de4960 The package secure-env-loader was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/18 9:10 a.m.9 views

MAL-2026-3826 Malicious code in secure-env-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fb7787215b2967bfcddab47d96770b6d2ec2e1328ea2ef789e003aa53de4960 The package secure-env-loader was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/15 2:1 p.m.9 views

OESA-2026-2324 python-dotenv security update

Python-dotenv reads key-value pairs from a .env file and can set them as environment variables. It helps in the development of applications following the 12-factor principles. Security Fixes: python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to...

6.6CVSS5.9AI score0.00236EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 7:24 p.m.14 views

Malicious code in env-threads (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfb511e0bf06367ec0341939aa68ee55859344c6ca6cb8d9f55f7e62cdcc8656 Package env-threads impersonates the legitimate dotenv package: its README, repository URL git://github.com/motdotla/dotenv.git, homepage, descriptio...

6.3AI score
Exploits0References1
OSV
OSV
added 2026/05/14 7:24 p.m.7 views

MAL-2026-3759 Malicious code in env-threads (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfb511e0bf06367ec0341939aa68ee55859344c6ca6cb8d9f55f7e62cdcc8656 Package env-threads impersonates the legitimate dotenv package: its README, repository URL git://github.com/motdotla/dotenv.git, homepage, descriptio...

6.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 4:53 p.m.14 views

Malicious code in node-ipc (npm)

Three versions of node-ipc 9.1.6, 9.2.3, 12.0.1 were published to npm on May 14, 2026 by a compromised maintainer account atiertant. Each version contains an identical 80KB obfuscated payload appended to node-ipc.cjs that steals over 100 categories of sensitive files SSH keys, cloud provider...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/05/14 4:53 p.m.8 views

MAL-2026-3744 Malicious code in node-ipc (npm)

Three versions of node-ipc 9.1.6, 9.2.3, 12.0.1 were published to npm on May 14, 2026 by a compromised maintainer account atiertant. Each version contains an identical 80KB obfuscated payload appended to node-ipc.cjs that steals over 100 categories of sensitive files SSH keys, cloud provider...

5.8AI score
Exploits0References6
Rows per page
Query Builder