7 matches found
CVE-2025-54887
jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption JWE standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk becau...
GHSA-C7P4-HX26-PR73 JWE is missing AES-GCM authentication tag validation in encrypted JWE
Overview The authentication tag of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. Impact - JWEs can be modified to decrypt to an arbitrary value - JWEs can be decrypted by observing parsing differences - The...
MAL-2025-3927 Malicious code in world-id-discord (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17c2aa40d0cfe3dd971a7de35ba8d570a70d3b34f516dd5d69eff3bd7309bf96 Any computer that has this package installed or running should be considered...
MAL-2025-2359 Malicious code in aiven-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7ef5fbee116dc7c6a033971fa455298110b289026b14470eb6120ae7aa06467 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2270 Malicious code in prop2json (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba3f95e1ff84041bd744e219bdd29d520207636ad498e6d7609a6717aac068d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1248 Malicious code in internallib_v185 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8939bc2acda7e18713b6ff48ec41b70f18201a851beeabecd0e544cfe80430c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2292 Malicious code in cvs-codestyle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3da5af16e19bb4b158ddf6bab94fe69208f359c22aa8538d55e4fa3e4ea41e2e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...