20 matches found
MAL-2025-32502 Malicious code in rso-example-app (npm)
The package rso-example-app was found to contain malicious code...
Malicious code in rso-example-app (npm)
The package rso-example-app was found to contain malicious code...
Malicious code in example-app-node (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-654 Malicious code in example-app-node (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-87 Malicious code in example-app-next (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2be5a6457ed09a44d55d954a5176fe895a1cd866bf1ca6f3b6e20a105121f0ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in example-app-next (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2be5a6457ed09a44d55d954a5176fe895a1cd866bf1ca6f3b6e20a105121f0ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-221 Malicious code in cypress-typed-stubs-example-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0d06bdef719edee1677bda9a46ae9d713bed145fb60b910c15f7260b2fca5b18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview flight-example-app is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
MAL-2022-2153 Malicious code in conjure-receipe-example-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc11915a916778452b6763c69c17c41c18485b0a60c687985bb7c5b677882e0b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in conjure-receipe-example-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc11915a916778452b6763c69c17c41c18485b0a60c687985bb7c5b677882e0b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in monday-example-app-word-cloud (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b3c3fffedb87defe8c507e9f81253886a350cf6996c70a678032c6a597cc6fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4674 Malicious code in monday-example-app-word-cloud (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b3c3fffedb87defe8c507e9f81253886a350cf6996c70a678032c6a597cc6fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
Authentication Bypass
openid is vulnerable to authentication bypass which can be exploitable remotely depending on the way the OpenID integration is performed. The risk can be higher if the integration is done fully based on the example app provided by the project...
GHSA-FQFJ-CMH6-HJ49 ruby-openid SSRF via claimed_id request
Ruby OpenID aka ruby-openid through 2.8.0 is vulnerable to SSRF. Ruby-openid performs discovery first, and then verification. This allows an attacker to change the URL used for discovery and trick the server into connecting to the URL, which might be a private server not publicly accessible...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
DEBIAN-CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
UBUNTU-CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...