99 matches found
LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. This is fixed in a forked release: at.yawk.lz4:lz4-java version 1.8.1. The original project has been archived:...
GHSA-VQF4-7M7X-WGFC LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. This is fixed in a forked release: at.yawk.lz4:lz4-java version 1.8.1. The original project has been archived:...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to the use of the insecure LZ4decompressfast in the underlying lz4 library, which lacks bounds checks. An attacker can cause denial of service or access sensitive memory contents by providing specially crafted...
Malicious code in fork-eslint-slidev-chakra-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14f8ab67ea8427ea5b62140b04dc5a91e4b2512ef31a7be5a7f29ca3f838dfed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178858
Malicious code in fork-webpack-kastra-chai npm...
EUVD-2025-178864
Malicious code in fork-eslint-slidev-chakra-ui npm...
EUVD-2025-113525
Malicious code in fork-eslint-plugin-procyon-fusion npm...
Malicious code in playwright-achernar-fork-quantum (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92b8f8c34cd0569e980d0406ca537a6f31f0966e068ac568d2797b35fc517fbd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-113517
Malicious code in fork-publish-node-config-mini-css-extract-plugin npm...
MAL-2025-142603 Malicious code in fork-writable-miranda-dorado (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa2c06e94df0ee3bbe0de2fafb23ce4891a4357d3007dc2d8241ab688d448ba3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-72608 Malicious code in dono-oblok5-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74081e636c233358f61ebd3507690776df36526469ffbe46bd6200bdbf8d2c1f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Chasing One-Day Vulnerabilities across Open Source Forks
Tracking vulnerabilities inherited from third-party open-source components is a well-known challenge, often addressed by tracing the threads of dependency information. However, vulnerabilities can also propagate through forking: a repository forked after the introduction of a vulnerability, but...
Gathers structured vuln data from plugins that fork
This plugin generates internal host tags for vulnerability data from plugins that fork. It queries scratchpad tables, aggregates the vulnerability data by plugin ID, port and protocol, then attaches the data to the scan as internal host tags. This plugin does not create a scan vulnerability repor...
EUVD-2025-25611
Malicious code in bioql PyPI...
MAL-2025-44287 Malicious code in fork-superflare-multiverse-spectron (npm)
The package fork-superflare-multiverse-spectron was found to contain malicious code...
Malicious code in aiohttp-proxies-forked (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-41618 Malicious code in aiohttp-proxies-forked (PyPI)
--- -= Per source details. Do not edit below this line.=-...
CVE-2025-55398
CVE-2025-55398 affects the mouse07410 asn1c fork (through 0.9.29). In UPER decoding, asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits, potentially processing malformed input. Affected: decoders in this asn1c fork; impact is high (per CVSS...
Malicious code in sagemaker-forked-extensions (npm)
The package sagemaker-forked-extensions was found to contain malicious code...
MAL-2025-32621 Malicious code in sagemaker-forked-extensions (npm)
The package sagemaker-forked-extensions was found to contain malicious code...