Lucene search
K

10 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in flatmap-stream (npm)

The package flatmap-stream was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-20690 Malicious code in flatmap-stream (npm)

The package flatmap-stream was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2020/09/01 9:21 p.m.14 views

GHSA-9X64-5R7X-2Q53 Malicious Package in flatmap-stream

Version 0.1.1 of flatmap-stream is considered malicious. This module runs an encrypted payload targeting a very specific application, copay and because they shared the same description it would have likely worked for copay-dash. The injected code: - Read in AES encrypted data from a file disguise...

9.8CVSS7.1AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2020/09/01 9:21 p.m.50 views

Malicious Package in flatmap-stream

Version 0.1.1 of flatmap-stream is considered malicious. This module runs an encrypted payload targeting a very specific application, copay and because they shared the same description it would have likely worked for copay-dash. The injected code: - Read in AES encrypted data from a file disguise...

1.5AI score
Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 2018/11/27 7:58 a.m.2 views

Rogue Developer Infects Widely Used NodeJS Module to Steal Bitcoins

A widely used third-party NodeJS module with nearly 2 million downloads a week was compromised after one of its open-source contributor gone rogue, who infected it with a malicious code that was programmed to steal funds stored in Bitcoin wallet apps. The Node.js library in question is...

6.7AI score
Exploits0
OSV
OSV
added 2018/11/26 11:58 p.m.10 views

GHSA-MH6F-8J2X-4483 Critical severity vulnerability that affects event-stream and flatmap-stream

The NPM package flatmap-stream is considered malicious. A malicious actor added this package as a dependency to the NPM event-stream package in version 3.3.6. Users of event-stream are encouraged to downgrade to the last non-malicious version, 3.3.4, or upgrade to the latest 4.x version. Users of...

9.8CVSS7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2018/11/26 11:58 p.m.41 views

Critical severity vulnerability that affects event-stream and flatmap-stream

The NPM package flatmap-stream is considered malicious. A malicious actor added this package as a dependency to the NPM event-stream package in version 3.3.6. Users of event-stream are encouraged to downgrade to the last non-malicious version, 3.3.4, or upgrade to the latest 4.x version. Users of...

4.7AI score
Exploits0References2Affected Software2
Node.js
Node.js
added 2018/11/26 6:32 p.m.16 views

Malicious Package

Overview Version 0.1.1 of flatmap-stream is considered malicious. This module runs an encrypted payload targeting a very specific application, copay and because they shared the same description it would have likely worked for copay-dash. The injected code: - Read in AES encrypted data from a file...

6.8AI score
Exploits0Affected Software1
Hacker One
Hacker One
added 2018/11/26 6:28 p.m.152 views

Node.js third-party modules: flatmap-stream malicious package (distributed via the popular events-stream)

I would like to report a case of malicious package flat-stream that made it's way into many other npm packages. One such popular package is event-stream user dominictarr transferred the ownership of an npm module to another user because he wasn't actively maintaining it. That user then added...

0.9AI score
Exploits0
OpenVAS
OpenVAS
added 2018/06/12 12:0 a.m.74 views

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

10CVSS7.4AI score0.02342EPSS
Exploits4References108
Rows per page
Query Builder