356 matches found
Malicious code in @frontend-clients/design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7fe458099d7b7c0662a9f2283b87071d2afc98b120e402fc20ce916a5b5962ff The OpenSSF Package Analysis project identified '@frontend-clients/design-system' @ 10.0.0 npm as malicious. It is considered malicious because:...
MAL-2025-5175 Malicious code in test-package-vans (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 27c1fc3b6a086e894434a4bb93a7280083831b719de5259c00fa388ac3e4c1f4 The OpenSSF Package Analysis project identified 'test-package-vans' @ 1.1.1 npm as malicious. It is considered malicious because: - The package...
MAL-2025-5007 Malicious code in reoregistration (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 78444474811c971e219548f0c559d06bef5a4e4cb65703c5ad604ce64f3d0a4d The OpenSSF Package Analysis project identified 'reoregistration' @...
MAL-2025-4931 Malicious code in volehai-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 695b1f1647ff88855017c178d47ab04527b14c3817e9b4ed343c1220cc7b18df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4669 Malicious code in world-id-poap (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bdb64432a67fa7109c5ee4d1d5b94d0127eaedab876302eb3b246ae55b111498 The OpenSSF Package Analysis project identified 'world-id-poap' @ 1.0...
Malicious code in bombomfortester (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2119b099a99b02e77d8dffa997198ef3e58b31b1073e8d0d8ba4e56c36bf2cda The OpenSSF Package Analysis project identified 'bombomfortester' @ 9.9.9 npm as malicious. It is considered malicious because: - The package...
CVE-2024-52763
A cross-site scripting (XSS) vulnerability in the component /graphallperiods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter...
CVE-2022-3073
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the user's browser...
CVE-2010-4887
SQL injection vulnerability in the Commenting system Backend Module commentsbe extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2024-52887 Self-XSS
Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list...
Malicious code in studocu-extension-pack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b65c603a493cae2050aa25da30a9442d60b84baa80985df69af20af3e08fc9f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2800 Malicious code in eqbank (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1cb4c6c3534c2743f4bda73f51a773076db5813a4a72f7117d73feb0475ce70c The OpenSSF Package Analysis project identified 'eqbank' @ 1.0.0 npm as malicious. It is considered malicious because: - The package communicate...
Malicious code in tree-sitter-erlang (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 712279ef7d69026b60fa7e5d9007249ac05502576b2a1164da1dbafca2be44f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2488 Malicious code in antlir2-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 580dffd4893c96ae46965b4244381b9fcc03d13cdd1cf32b89bb7a0eee2521e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1677 Malicious code in pages14.0.0_i18n (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eaed3f8870b4796bd4fc8667ec8911ddba466acaed945970ce6cf2f67e2630a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12115 Malicious code in distylai (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cc9a8e5f3990caec837683f3eb8d7da8675e47e9ba392de34e502182e6127349 The OpenSSF Package Analysis project identified 'distylai' @ 1.2.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-11896 Malicious code in haefgerasgrae (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c51eb8de5b4c76701af20deeb703ba85374c2036c17fd5bcd09b7b0233c6ae34 The OpenSSF Package Analysis project identified 'haefgerasgrae' @ 0.1.0 rubygems as malicious. It is considered malicious because: - The package...
MAL-2024-11797 Malicious code in testin-elengos (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a8b81d93eabbd732b074f3694f5d0bd4969f90c18eceb07c91c188cba1f26b5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in paypal-js-root (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c6775b74cea176b7aaff3429e4e55a224d9f03da9865a07c99940ff7f0cf1162 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lib-jitsi-meet-sample (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0247e3f2877ee9dba4689c00ae13db004afaea694957dfb979bf3cfbd1ef9e31 The OpenSSF Package Analysis project identified 'lib-jitsi-meet-sample' @ 1.0.0 npm as malicious. It is considered malicious because: - The...