4 matches found
Malicious code in environment-gate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80dc74c6c5240e9c146e476300b44582cc114cf1827319ba81d2bcae2d64c2cf index.js contains a commented-out line that, if uncommented, would base64-decode the URL https://www.jsonkeeper.com/b/VKUNI, fetch its contents via...
MAL-2026-5743 Malicious code in environment-gate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80dc74c6c5240e9c146e476300b44582cc114cf1827319ba81d2bcae2d64c2cf index.js contains a commented-out line that, if uncommented, would base64-decode the URL https://www.jsonkeeper.com/b/VKUNI, fetch its contents via...
MAL-2026-4781 Malicious code in unique-id-64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ab3b19e4bd1602de93ca092a5909f8b69927c01d5a690d3484116024dfc46e2 Package impersonates the well-known sindresorhus/unique-string utility: package.json copies the author block name 'Sindre Sorhus', email...
PT-2026-38304
Name of the Vulnerable Software and Affected Versions PraisonAI versions 4.5.139 through 4.6.31 Description A flaw exists in the multi-agent teams system where an import sink in praisonai/templates/tool override.py remains unguarded. This allows remote attackers to trigger arbitrary code executio...