GHSA-27F5-XJRR-Q9FF Malware in @opensearch-project/opensearch

Overview The OpenSearch Project has sustained a security incident involving an external actor gaining force-push permissions within the project's CI infrastructure to embed malicious packages into four release versions of @opensearch-project/opensearch. Users are instructed to immediately take...

Malware in @opensearch-project/opensearch

Overview The OpenSearch Project has sustained a security incident involving an external actor gaining force-push permissions within the project's CI infrastructure to embed malicious packages into four release versions of @opensearch-project/opensearch. Users are instructed to immediately take...

MAL-2025-47885 Malicious code in helper-validator-identifier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0951c3ea5fbcafe74c05ac02d253d369e25a8cb9904f448f047a9c8b38d693f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in restpilot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea95902e229e600fed776ab58f9216738dd1db24c03890b9902da283f3413623 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-52312

Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...

CVE-2024-52312

Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...

CVE-2024-52312 data.all authenticated users can perform restricted operations against DataSets and Environments

Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...

CVE-2024-52312 data.all authenticated users can perform restricted operations against DataSets and Environments

Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...

CVE-2024-52312

CVE-2024-52312 affects data.all (open source framework). The issue stems from inconsistent authorization permissions that may allow an authenticated external actor to perform restricted operations on DataSets and Environments. Documents provide MEDIUM severity (CVSS 3.1/4.0) and describe the root...

Malicious code in scrollytell (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40462d3749786b44fff33179f342be72925a502d7feae9b058e04cadb739aa1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...