Malicious code in donuts.node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9bd852600a317ae1df99af9e6cede53d3f54d36b9a400ca672eff6a7146818a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-41274 Malicious code in nextjs14-approuter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 73539e0dd962fbad2bd7a634bd17a7406d5df3f1c282a29c376d97121625b95f The OpenSSF Package Analysis project identified 'nextjs14-approuter' @ 9.0.1 npm as malicious. It is considered malicious because: - The package...

Malicious code in nextjs14-approuter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 73539e0dd962fbad2bd7a634bd17a7406d5df3f1c282a29c376d97121625b95f The OpenSSF Package Analysis project identified 'nextjs14-approuter' @ 9.0.1 npm as malicious. It is considered malicious because: - The package...

MAL-2025-41273 Malicious code in parabol-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 74ca7b873b936a65f847ef390b0cbe34ceb97ba32b0153888623b60c61f4b335 The OpenSSF Package Analysis project identified 'parabol-client' @ 9.1.1 npm as malicious. It is considered malicious because: - The package...

Malicious code in @listr1/prompt-adapter-inquirer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 62c9103dcee0afbfa63c69bae22ac8f4e415daef3fcb2610b84d8278b1732f5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-41269 Malicious code in @listr1/prompt-adapter-inquirer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 62c9103dcee0afbfa63c69bae22ac8f4e415daef3fcb2610b84d8278b1732f5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-41268 Malicious code in api-react125 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d2f6ad3f3d48477a940b0ade2ae623d9001486fb2dee5c4f448fa429a9165879 The OpenSSF Package Analysis project identified 'api-react125' @ 99.0.9 npm as malicious. It is considered malicious because: - The package...

Malicious code in api-react125 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d2f6ad3f3d48477a940b0ade2ae623d9001486fb2dee5c4f448fa429a9165879 The OpenSSF Package Analysis project identified 'api-react125' @ 99.0.9 npm as malicious. It is considered malicious because: - The package...

Malicious code in api-react12 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 374907a2a16eece2c53ad49cdf418645492c72660b5bf4ae22a0ce80d08145d9 The OpenSSF Package Analysis project identified 'api-react12' @ 99.0.9 npm as malicious. It is considered malicious because: - The package...

MAL-2025-41267 Malicious code in api-react12 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 374907a2a16eece2c53ad49cdf418645492c72660b5bf4ae22a0ce80d08145d9 The OpenSSF Package Analysis project identified 'api-react12' @ 99.0.9 npm as malicious. It is considered malicious because: - The package...

CVE-2010-20120

Maple versions up to and including 13's Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers...

CVE-2025-55104 BUG-000173918 - ArcGIS Enterprise Sites has a security vulnerability.

A stored cross-site scripting XSS vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user attacker supplied JavaScript may execute ...

Malicious code in sdp-transform-parser (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d6f0bf5deb53b6f1424914462ad86d16738a1118a744d709e3e37abaf8907134 The OpenSSF Package Analysis project identified 'sdp-transform-parser...

MAL-2025-41264 Malicious code in sdp-transform-writer (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5a7fe67cbf547a37aaa2286e629788d404dbcc306a63bd6edbd4101513e27138 The OpenSSF Package Analysis project identified 'sdp-transform-writer...

Malicious code in @navancorp/fe-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85c47c473abe59dd1714ed889d2aba7ac40eb668ba9cb8bc5fcc0a11f33c69e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-41423 Malicious code in @navancorp/angular-web-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c94679c1658a3cfefa49daf06a90a50daeb480069b754976a6f72efa2e4e1d44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-41426 Malicious code in @navancorp/icons (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00d23863df2bb18ff4d7478d9d974206ad5e1959e64da8883e6623a5747b4ad3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-41260 Malicious code in catflix (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d0f682b0d66f1100534a823b754c3bc096ac54a5142489698fc5589813699d9e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in solana-fb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0839c4c8b190db2ec7281e182850ddeb8cf94eec0450921f406255674f1c2470 The OpenSSF Package Analysis project identified 'solana-fb' @ 1.2.2 npm as malicious. It is considered malicious because: - The package executes...

Malicious code in testnpm369420 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f95d0c4a710a2f6a2f8a29a9284d21da506dbbd15c745165497b7761275bccd2 The OpenSSF Package Analysis project identified 'testnpm369420' @...