938 matches found
Malicious Package
Overview python-env-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview env-security-scanner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview defi-env-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-4238 Malicious code in env-security-scanner (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dac5f39ed612b7e8d1796ce2d805972734f22bb8bb706fd2a703834cba20f0ea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4246 Malicious code in python-env-auditor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32ffd6ffbc7ab684cc6bd3dbbd29d4bb608f07ea2b9d2ffd460e95a279824699 Package fetches and executes a mutable, unpinned third-party npm package env-security-scanner@latest on every install and on every Python import. The...
org.apache.camel.k:camel-k-itests-knative (>=1.14.0 <=3.2.3), org.apache.camel.k:camel-k-itests-knative-consumer (>=1.14.0 <=3.2.3) +32 more potentially affected by CVE-2026-47323 via org.apache.camel:camel-knative (>=3.18.0 <=4.14.5)
org.apache.camel:camel-knative MAVEN version =3.18.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.15.2 and more Source cves: CVE-2026-47323 Source advisory:...
Malicious code in security-env-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf2b538ca6f5582ba25c054253f091eacca05571066d7237d6f693f23938e37c Package impersonates the popular dotenv library identical description and repo URL git://github.com/motdotla/dotenv.git and exposes a matching config...
MAL-2026-4665 Malicious code in security-env-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf2b538ca6f5582ba25c054253f091eacca05571066d7237d6f693f23938e37c Package impersonates the popular dotenv library identical description and repo URL git://github.com/motdotla/dotenv.git and exposes a matching config...
CVE-2026-45232
Rsync
Malicious code in @shadanai/openclaw (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0e2f02ab1bb3d99de1787ed7d69f1df97bd3b2d7c18cc8ba4e5f8688f649ce9 On npm install, scripts/postinstall.mjs performs several installer-harm actions. 1 Backdoor: writes /.openclaw/openclaw.json configuring a local...
Malicious Package
Overview safe-env-reader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-3825 Malicious code in safe-env-reader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad60c5cf4596544e0850900c3340d21c5fec76024a063c057b8b935b02366d4d The package safe-env-reader was found to contain malicious code. Source: ghsa-malware 8fc3e1ef0bee11b2c0e5cb99d3c821492232db6c715fd90cde09c74aa86b926...
Malicious Package
Overview secure-env-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in secure-env-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fb7787215b2967bfcddab47d96770b6d2ec2e1328ea2ef789e003aa53de4960 The package secure-env-loader was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3826 Malicious code in secure-env-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fb7787215b2967bfcddab47d96770b6d2ec2e1328ea2ef789e003aa53de4960 The package secure-env-loader was found to contain malicious code. Source: ghsa-malware...
OESA-2026-2324 python-dotenv security update
Python-dotenv reads key-value pairs from a .env file and can set them as environment variables. It helps in the development of applications following the 12-factor principles. Security Fixes: python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to...
Malicious code in env-threads (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfb511e0bf06367ec0341939aa68ee55859344c6ca6cb8d9f55f7e62cdcc8656 Package env-threads impersonates the legitimate dotenv package: its README, repository URL git://github.com/motdotla/dotenv.git, homepage, descriptio...
MAL-2026-3759 Malicious code in env-threads (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfb511e0bf06367ec0341939aa68ee55859344c6ca6cb8d9f55f7e62cdcc8656 Package env-threads impersonates the legitimate dotenv package: its README, repository URL git://github.com/motdotla/dotenv.git, homepage, descriptio...
Malicious code in node-ipc (npm)
Three versions of node-ipc 9.1.6, 9.2.3, 12.0.1 were published to npm on May 14, 2026 by a compromised maintainer account atiertant. Each version contains an identical 80KB obfuscated payload appended to node-ipc.cjs that steals over 100 categories of sensitive files SSH keys, cloud provider...
MAL-2026-3744 Malicious code in node-ipc (npm)
Three versions of node-ipc 9.1.6, 9.2.3, 12.0.1 were published to npm on May 14, 2026 by a compromised maintainer account atiertant. Each version contains an identical 80KB obfuscated payload appended to node-ipc.cjs that steals over 100 categories of sensitive files SSH keys, cloud provider...