MAL-2026-6271 Malicious code in node-fetch-utils (npm)
Source: amazon-inspector 78aef0d64a7d761d2987d27aea462083425e5692475cd81332b7a3152c754308 On Windows, scripts/postinstall.js XOR-decodes a hardcoded C2 host node22.lunes.host:3258, authenticates with a 5-minute rolling HMAC-SHA256 token,...
Malicious code in solanakit (PyPI)
Source: kam193 3e8770458eab636335241e359b6cee149cc00640fb2418b4462c89ec88accc93 During import, the code downloads and starts a malicious package hosted on GitHub. It then first ensures persistence, e.g. through the autostart registry key...
Understand your software’s supply chain with GitHub’s dependency graph
What if you could spot the weakest link in your software supply chain before it breaks? With GitHub's dependency graph, you can. By providing a clear, complete view of the external packages your code depends on, both directly and indirectly, it allows you to understand, secure, and manage your...
GO-2023-1543 mrpack-install vulnerable to path traversal with dependency in github.com/nothub/mrpack-install
mrpack-install vulnerable to path traversal with dependency in github.com/nothub/mrpack-install...
Remote Code Execution (RCE)
github.com/bits-and-blooms/bloom is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the library depending on another library but referencing it via an old URL, github.com/GoASTScanner/gas, which leads to dependency confusion. An attacker can register the old GitHub username and...