29748 matches found
MAL-2025-47450 Malicious code in hello-shai (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 297f2a57d1c225e18d8464c2024daef4567955be0eb8cd8d45052aa778fb4f3a This package was compromised by the Shai-Hulud NPM worm. The malicious payload steals tokens and credentials and publishes them to GitHub...
Malicious code in hello-shai (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 297f2a57d1c225e18d8464c2024daef4567955be0eb8cd8d45052aa778fb4f3a This package was compromised by the Shai-Hulud NPM worm. The malicious payload steals tokens and credentials and publishes them to GitHub...
GHSA-X7HR-W5R2-H6WG vulnerabilities
Vulnerabilities for packages: kibana, opensearch-dashboards-fips, opensearch-dashboards...
CVE-2025-55912
creationtimestamp| type| source ---|---|--- 2025-09-17 21:02:32+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lz2qay4iex25 2025-09-18 07:08:47+00:00| seen| https://bsky.app/profile/securitycipher.bsky.social/post/3lz3s55r7pt2j 2025-09-18 18:43:15+00:00| seen|...
GO-2025-3961 Podman Creates Temporary File with Insecure Permissions in github.com/containers/podman
Podman Creates Temporary File with Insecure Permissions in github.com/containers/podman...
GO-2025-3938 Coder vulnerable to privilege escalation could lead to a cross workspace compromise in github.com/coder/coder
Coder vulnerable to privilege escalation could lead to a cross workspace compromise in github.com/coder/coder...
GO-2025-3950 Mattermost Missing Authorization vulnerability in github.com/mattermost/mattermost-server
Mattermost Missing Authorization vulnerability in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
GO-2025-3940 Atlantis Exposes Service Version Publicly on /status API Endpoint in github.com/runatlantis/atlantis
Atlantis Exposes Service Version Publicly on /status API Endpoint in github.com/runatlantis/atlantis...
MAL-2025-47422 Malicious code in devextreme-rpk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f74fc68752b93858b4cd802b0c1c9c940779258a08c206b0787ebf5b94bc9738 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @strong-energetic/test-banned-file (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security beb2182dad9121d8cdfbd98f321d90cd62cda75f2c4ef68f1a5e22608808dc91 This package was compromised by the Shai-Hulud NPM worm. The malicious payload steals tokens and credentials and publishes them to GitHub...
Malicious code in devextreme-rpk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f74fc68752b93858b4cd802b0c1c9c940779258a08c206b0787ebf5b94bc9738 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47420 Malicious code in @basic-ui-components-stc/basic-ui-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c7cc4b06e4071b6e4613358e926ea521ee3acb2223670ed3783c57abb5c0567 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47421 Malicious code in @strong-energetic/test-banned-file (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security beb2182dad9121d8cdfbd98f321d90cd62cda75f2c4ef68f1a5e22608808dc91 This package was compromised by the Shai-Hulud NPM worm. The malicious payload steals tokens and credentials and publishes them to GitHub...
MAL-2025-47293 Malicious code in ace-colorpicker-rpk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 426138ee95f77b41d1c00a47edab8b076d8fef24aeddcacb76c601e67fea7312 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @ui-ux-gang/devextreme-rpk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc643d20a812778984d46636db2ea2e7e08c97ca2710b212c0b07a023461df59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-3378
creationtimestamp| type| source ---|---|--- 2025-09-16 20:55:49+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-3378.yaml 2025-09-17 21:02:43+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lz2qaznlls25...
Malicious code in @operato/popup (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 211d1a1f6ff1362c33afe9e1d91ae471476a624a0bc79a2ef3a1a74d7fc4189d Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in create-hest-app (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4f8a7c74b24a78d61a35d81d643117f524f843b425f34d281012f7ab8632868 Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in mstate-react (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 997c10662d47fa55ca8cd4db612274bf4d589c7d82d079b48fae3261bb5c65a7 Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47416 Malicious code in voip-callkit (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a734b4465eca2576dd3250f97ed37e8537b32d73d0b45adc3bca41bdd52c633c Any computer that has this package installed or running should be considered fully compromised. All...