2048 matches found
Malicious code in dc-testing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5534b8254822e7e5f6e4ee2e6f748422783f8a2aebac5f16fca13c06af524468 The OpenSSF Package Analysis project identified 'dc-testing' @ 99.9.9 npm as malicious. It is considered malicious because: - The package...
AZL-49164 CVE-2024-43799 affecting package nodejs-nodemon 2.0.3-5
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...
Malicious code in video.min (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1b2a0713372942343830cd53ad3ad5ffe4dcf7e827523510ef79e32b38f67db3 The OpenSSF Package Analysis project identified 'video.min' @ 1.0.22 npm as malicious. It is considered malicious because: - The package...
Malicious code in balvant-chavda (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2a4352948540614eef450d227df439f2f1c0d1da030df382e59831548767f473 The OpenSSF Package Analysis project identified 'balvant-chavda' @ 1.8.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in mobileye-8-connect (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e7b3a006f16102113625364a266a513016fe138d66a4008fc548e6df97c1a9a8 The OpenSSF Package Analysis project identified 'mobileye-8-connect' @ 7.7.8 npm as malicious. It is considered malicious because: - The package...
Malicious code in ori-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b71bf5ca700406e224508f08266da2a443693d48eb216c3854de6be0d1451346 The OpenSSF Package Analysis project identified 'ori-poc' @ 1.0.3 npm as malicious. It is considered malicious because: - The package executes o...
Malicious code in ori-gabriel-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 80e4a738169f3040e2786d44f744d9646f6ae11d6b59e30d03c4edba106a7c2d The OpenSSF Package Analysis project identified 'ori-gabriel-test' @ 7.7.8 npm as malicious. It is considered malicious because: - The package...
Malicious code in snacks-design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a8a3330ca1864b23cbe8bbc0eb833f73409c288067d5d19632ac829de559932 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in grpc-google-bigtable-v2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9640f0015404a6fff13b4e9bbb9e01d3d4f545a8ae8935dc95425a427c561576 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...
Malicious code in vpro-dhhvc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 56f43c6522fd7a2abc67174033f767bb063ebcd28b01c047ea2bff8176b423f2 The OpenSSF Package Analysis project identified 'vpro-dhhvc' @ 1.999.0 npm as malicious. It is considered malicious because: - The package...
PT-2024-31385 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.10.1 Description: The issue allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author...
Malicious code in @desesap289/dev_dependency (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ac047c7ec6034e7a80c74ca32646da104b86b3f39c46f7f836deeebebeb53b20 The OpenSSF Package Analysis project identified '@desesap289/devdependency' @ 10.20.9 npm as malicious. It is considered malicious because: - Th...
Malicious code in @ep-mobile/icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8898d3fb5c1fead4de584f7a8099d3df0886074a50f328df051524976dda9be2 The OpenSSF Package Analysis project identified '@ep-mobile/icons' @ 99.99.99 npm as malicious. It is considered malicious because: - The packag...
Malicious code in td-emerald-standards (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b2f97f10309683aa0addae921845bdf8ce584670d8640544b7eeb2c41501e7af The OpenSSF Package Analysis project identified 'td-emerald-standards' @ 6.6.6 npm as malicious. It is considered malicious because: - The packa...
Malicious code in @google-research/retvecjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f7a64d316c75e0e53a3a525a50d591725648d0064b5f1d5c622b3c94ef5aaf30 The OpenSSF Package Analysis project identified '@google-research/retvecjs' @ 100.999.99 npm as malicious. It is considered malicious because: -...
Malicious code in artifact-lab-3-package-392c6acd (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ada0f9ebcf3f190d513b34099887d36ad38579e9c5b5d2004a8f0bff5565e100 Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...
Malicious code in gdpr-cookie-consent (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4b030241c0f342d263d8d7bb420da387e10189d78cc0201bb34cd2ac047d6764 The OpenSSF Package Analysis project identified 'gdpr-cookie-consent' @ 3.0.6 npm as malicious. It is considered malicious because: - The packag...
Malicious code in @taxify/city-borders (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 041f06eacb4e8e5ffe66ccd96009305833355630bf63940b876d7c7f3ce7bd55 The OpenSSF Package Analysis project identified '@taxify/city-borders' @ 10.0.0 npm as malicious. It is considered malicious because: - The...
Malicious code in @taxify/trippricing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ea65d71551b4d01fb99a1bfe5236b0d5c80c0b566ae60d044b71857883f17b21 The OpenSSF Package Analysis project identified '@taxify/trippricing' @ 9.999.0 npm as malicious. It is considered malicious because: - The...
MAL-2024-7899 Malicious code in @taxify/smartpickups (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9d20e7ecf4639b1082be1a46fec756d84cc7d8fc35310af0e6af87e19879fcf7 The OpenSSF Package Analysis project identified '@taxify/smartpickups' @ 9.999.0 npm as malicious. It is considered malicious because: - The...