MAL-2026-6299 Malicious code in analysis-chart (npm)
Source: amazon-inspector a1ab4349bcc1e8f4434817d242b136f6e6050d4acb234aa833d81ffd74942066 The package's postinstall hook install-hook.js, invoked via package.json scripts.postinstall, fetches an opaque binary 'payload.bin' from...
MAL-2026-5542 Malicious code in india-map-react (npm)
Source: amazon-inspector a1de9d093e23698e3ad3f0336a7619bd43049d1f62b822744733a48060b51a4a package.json declares a postinstall hook that runs curl -skL...
PT-2026-46945
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.35.11. Description: An issue exists in the Envoy gateway related to HTTP/2, which can be exploited to cause a denial of service, potentially bringing down an Evonode. There have been reports of elevated activities...
Malicious code in twokey (npm)
Source: amazon-inspector 20c6d8e22fd03dd5ff39bac81bcbffd05db3b2a08dcf9768332094ffcca4eebd The package's postinstall hook unconditionally executes node bin/twokey.js --desktop --enable-autostart, which performs three install-time actions...
MAL-2026-4458 Malicious code in @toni77777/aora (npm)
Source: amazon-inspector 8566221a9ab9a1cb01b0f23e2af4b140d2e97310701b8c9a8f4bed1481fb22b2 On npm install, scripts/postinstall.js fetches a platform-specific executable from https://github.com/yourusername/aora/releases/download/v0.1.0/,...
Uncaught Exception
Overview: Affected versions of this package are vulnerable to Uncaught Exception via the eventstream decoder process. An attacker can cause the host process to terminate unexpectedly by sending a crafted EventStream response frame containing a header value type byte outside the valid range...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the port-change endpoint in the web port configuration process. An attacker can cause service disruption or loss of access by tricking an authenticated user into submitting a crafted request, which...
MAL-2025-190880 Malicious code in @posthog/github-release-tracking-plugin (npm)
Source: amazon-inspector fb87af9bbf0349dfcf64e3a477f69780fd16d5d4d8e0269f263dc25214fd2f00 The package @posthog/github-release-tracking-plugin was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198945
Malicious code in @posthog/github-release-tracking-plugin (npm)...
EUVD-2025-32448
A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be...
CVE-2025-11280
A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered...
PT-2025-40793
A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be...
PT-2025-39659
Name of the Vulnerable Software and Affected Versions: givanz Vvveb versions through 1.0.7.2. Description: A weakness exists in givanz Vvveb that could allow for cross-site request forgery. The vulnerability affects unknown code and can be exploited remotely. The exploit has been publicly released...
Security Bulletin: NVIDIA Apex - August 2025
NVIDIA has released a software update for NVIDIA Apex. To protect your system, install the software including the GitHub release 25.07 of NVIDIA Apex. Go to NVIDIA Product Security...
Security Bulletin: NVIDIA TensorRT LLM - April 2025
NVIDIA has released a software update for NVIDIA® TensorRT LLM Framework. To protect your system, download and install the latest release from the https://github.com/NVIDIA/TensorRT/releases page on GitHub. Go to NVIDIA Product Security...
Security Bulletin: NVIDIA NeMo - March 2025
NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, download and install the latest release from the NeMo-Framework-Launcher Releases page on GitHub. Go to NVIDIA Product Security...
MAL-2024-9809 Malicious code in rustc_codegen_cranelift-github-release (npm)
Malicious code in github_release-stats (RubyGems)