29584 matches found
Malicious Package
Overview github-badge-bot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2026-0936
Malicious code in github-badge-bot npm...
CVE-2024-30194

creationtimestamp| type| source
---|---|---
2026-01-03 21:50:06+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-30194.yaml
2026-01-05 21:03:09+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mbpdlgj6s522...

golang-cicd-poc
Golang CI/CD POC Project POC project for trying out different...
CVE-2025-61322

creationtimestamp| type| source
---|---|---
2026-01-03 04:02:20+00:00| seen| https://gist.github.com/Professor-mogli/b1d3e5a44cb225ea8ecf5fd51ec149e1...

GHSA-XR72-2G43-586W

creationtimestamp| type| source
---|---|---
2026-01-02 21:50:38+00:00| published-proof-of-concept| Telegram/rY7awwgYiyf4MoJmU46p1ZfRs7aDMuxx9VM2nTHHFeQecLc...

[SECURITY] Fedora 43 Update: gh-2.83.2-1.fc43
A command-line interface to GitHub for use in your terminal or your scripts. gh is a tool designed to enhance your workflow when working with GitHub. It provides a seamless way to interact with GitHub repositories and perform various actions right from the command line, eliminating the need to...
Advanced Vulnerability Scanning for Open Source Software: Detection and Mitigation of Log4j Vulnerabilities
Automated detection of software vulnerabilities remains a critical challenge in software security. Log4j is an industrial-grade Java logging framework listed as one of the top 100 critical open source projects. On Dec. 10, 2021 a severe vulnerability Log4Shell was disclosed before being fully...
Fedora: Security Advisory (FEDORA-2025-f8e5522ee0)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
GHSA-RWC2-F344-Q6W6

creationtimestamp| type| source
---|---|---
2025-12-31 23:42:18+00:00| seen| https://bsky.app/profile/azu.bsky.social/post/3mbd25gvgx72y
2026-01-24 22:44:27+00:00| seen| https://gist.github.com/alon710/1b374eaf78dadda1b4eab4b9c4ec88f1...

Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud aka Sha1-Hulud supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub...
GHSA-MRFV-M5WM-5W6W libsodium has Incomplete List of Disallowed Inputs
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. This advisory...
GHSA-R399-636X-V7F6 vulnerabilities
Vulnerabilities for packages: langfuse, langfuse-fips, librechat, kibana...
MAL-2025-192988 Malicious code in yellowdiscordlookup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a458f47de1b6a86fa1139c7fa7def7c0035d181b6db01d635374e0e6058893a9 The package yellowdiscordlookup was found to contain malicious code. Source: ghsa-malware...
CVE-2021-4448

creationtimestamp| type| source
---|---|---
2025-12-30 13:10:46+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-4448.yaml
2025-12-31 21:03:10+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mbcraiimvn2f...

[SECURITY] Fedora 42 Update: golang-github-jwt-5-5.2.1-4.fc42
A Go implementation of JSON Web Tokens...
Fedora: Security Advisory (FEDORA-2025-cfdd59f20f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora: Security Advisory (FEDORA-2025-12b00d8e2c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora: Security Advisory (FEDORA-2025-17f9c28389)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora: Security Advisory (FEDORA-2025-570618af7e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...