Lucene search
K

11 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.9 views

Malicious code in @glitchpad/throttler (npm)

@glitchpad/throttler malicious version 2.2.3, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

5.9AI score
Exploits0References7
OSV
OSV
added 2026/06/22 12:0 p.m.9 views

MAL-2026-6307 Malicious code in @glitchpad/throttler (npm)

@glitchpad/throttler malicious version 2.2.3, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

5.9AI score
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.3 views

SUSE CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

7.7CVSS7.9AI score0.03342EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2020/06/19 3:46 a.m.6 views

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1CVSS7.5AI score0.03342EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/02/25 1:7 p.m.4 views

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1CVSS7.5AI score0.03342EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/02/25 8:39 a.m.6 views

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

7.7CVSS7.5AI score0.03266EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/02/25 8:39 a.m.5 views

npm: Global node_modules Binary Overwrite

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...

7.7CVSS7.1AI score0.01984EPSS
Exploits0References4
OSV
OSV
added 2019/12/13 1:15 a.m.2 views

DEBIAN-CVE-2019-16777

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...

6.5CVSS6.9AI score0.01984EPSS
Exploits0References1
OSV
OSV
added 2019/12/13 1:15 a.m.3 views

DEBIAN-CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

6.5CVSS7AI score0.03266EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/12/11 12:0 a.m.6 views

PT-2019-1105 · Npm +6 · Npm Cli +6

Name of the Vulnerable Software and Affected Versions: npm CLI versions prior to 6.13.3 Description: The issue exists due to incorrect restriction of the path name to a directory with limited access. Exploitation may allow a remote attacker to write arbitrary files by creating a symbolic link to...

9.8CVSS7.4AI score0.57132EPSS
Exploits2References104
Positive Technologies
Positive Technologies
added 2019/12/11 12:0 a.m.4 views

PT-2019-1104 · Npm +6 · Npm Cli +6

Name of the Vulnerable Software and Affected Versions: npm CLI versions prior to 6.13.4 Description: The issue allows for an Arbitrary File Overwrite due to the failure to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package...

9.8CVSS7.2AI score0.57132EPSS
Exploits2References106
Rows per page
Query Builder