27 matches found
@axelspringer/hubots (>=1.0.0 <=1.0.11), @flambo/bot (>=0.1.0 <=0.1.2) +186 more potentially affected by CVE-2026-44211 via cline (=0.8.2)
cline NPM version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on cline and may be impacted: - @axelspringer/hubots =1.0.0, =0.1.0, =0.0.2-alpha.0, =0.0.1, =0.1.0, =0.0.0, =0.0.16, =4.0.0-alpha.2, =0.3.0, =2.0.0 and more Source cves:...
EUVD-2020-0627
Malware in sbrugna...
Malicious code in hubot-frostedio-env (npm)
The package hubot-frostedio-env was found to contain malicious code...
Malicious code in hosted-hubot (npm)
The package hosted-hubot was found to contain malicious code...
MAL-2025-22770 Malicious code in hubot-factoids-3ch01c (npm)
The package hubot-factoids-3ch01c was found to contain malicious code...
MAL-2025-22662 Malicious code in hosted-hubot (npm)
The package hosted-hubot was found to contain malicious code...
MAL-2025-22771 Malicious code in hubot-frostedio-env (npm)
The package hubot-frostedio-env was found to contain malicious code...
Malicious code in hubot-factoids-3ch01c (npm)
The package hubot-factoids-3ch01c was found to contain malicious code...
Malicious code in hubot-currencies (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6725 Malicious code in hubot-currencies (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in hubot-hangouts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a411a5e1860f7c3e70679f26150c8bc5300c4e1545d0b6e53e9794171a5529a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2013-7378
scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands...
Malicious code in hubot-hostinger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c85959aca3460e18563c06764a271944b6b01c90c2f402f623e49ed439b5bbc8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3715 Malicious code in hubot-hostinger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c85959aca3460e18563c06764a271944b6b01c90c2f402f623e49ed439b5bbc8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3714 Malicious code in hubot-awex (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0979056c49e5558c7b7321c0110f39d6860988491f1e249849d3f02c85468387 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in hubot-awex (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0979056c49e5558c7b7321c0110f39d6860988491f1e249849d3f02c85468387 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in olx-hubot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c6f13567eaeea713e45447a15fd6f75483e9d4f235554f3488ee9e4d430c2685 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5059 Malicious code in olx-hubot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c6f13567eaeea713e45447a15fd6f75483e9d4f235554f3488ee9e4d430c2685 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Rocket.Chat: Unintended information disclosure in the Hubot Log files
Dear Rocket.Chat Team While inspecting our logs I noticed, that the OAuth Tokens are leaked in plaintext in the logs. I wanted to draw your attention to this, as this is a security vulnerability. See the attached Screenshot for a redacted log excerpt. In my opinion, the best approach here would b...
Potential Command Injection in hubot-scripts
Versions 2.4.3 and earlier of hubot-scripts are vulnerable to a command injection vulnerablity in the hubot-scripts/package/src/scripts/email.coffee module. Mitigating Factors The email script is not enabled by default, it has to be manually added to hubot's list of loaded scripts. Recommendation...