MAL-2025-143834 Malicious code in janus-server-aurora-phoebe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8ae2daf5864f511b2fd8658d01350244d0ae648e11c6aab4d1f206632120899 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in janus-server-aurora-phoebe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8ae2daf5864f511b2fd8658d01350244d0ae648e11c6aab4d1f206632120899 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-112279

Malicious code in janus-server-aurora-phoebe npm...

EUVD-2025-116924

Malicious code in acamar-morgan-janus-server npm...

EUVD-2025-112627

Malicious code in hyperion-markdown-pdf-janus-server npm...

DEBIAN-CVE-2020-10574

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "querylogger" Admin API request, because of a typo in the JSON validation...

Slack: Slack DTLS uses a private key that is in the public domain, which may lead to SRTP stream hijack

Affects: Janus DTLS certificate Description The Janus server in use by Slack is configured using a certificate and private key that were previously distributed by default. This certificate is used to authenticate the DTLS connection which is later used to exchange keys for the SRTP stream. As a...