Malicious code in kik-starter (npm)

The package kik-starter was found to contain malicious code...

MAL-2025-24454 Malicious code in kik-starter (npm)

The package kik-starter was found to contain malicious code...

artery-routes-docs (>=0.0.2 <=0.0.25), arteryjs (=0.0.0) +5 more potentially affected by unknown CVE via to-slug (=0.0.0)

to-slug NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on to-slug and may be impacted: - artery-routes-docs =0.0.2, =0.2.0, =0.0.0, =1.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-37002...

cli-form (>=0.0.0 <=0.1.4), kik (>=0.0.0 <=1.3.0) potentially affected by unknown CVE via cli-qa (>=0.3.0 <=2.3.0)

cli-qa NPM version =0.3.0, =0.0.0, =0.0.0, =1.3.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-17116...

kik (>=0.2.0 <=1.3.0) potentially affected by unknown CVE via to-class-name (=0.0.0)

to-class-name NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on to-class-name and may be impacted: - kik =0.2.0, =1.3.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-37001...

cli-form (>=0.0.0 <=0.1.4), cli-qa (>=0.0.0 <=2.3.0) +1 more potentially affected by unknown CVE via read-cli-input (=1.0.1)

read-cli-input NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on read-cli-input and may be impacted: - cli-form =0.0.0, =0.0.0, =0.0.0, =1.3.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-31878...

go-api-starter (>=0.0.0 <=1.3.0), redux-starter (>=0.0.0 <=1.1.0) potentially affected by unknown CVE via kik-starter (>=0.0.1 <=2.2.1)

kik-starter NPM version =0.0.1, =0.0.0, =0.0.0, =1.1.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-24454...

cli-form (>=0.1.0 <=0.1.4), cli-qa (>=2.0.0 <=2.3.0) +1 more potentially affected by unknown CVE via comma-list (>=0.0.0 <=0.0.1)

comma-list NPM version =0.0.0, =0.1.0, =2.0.0, =0.0.0, =1.3.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-17400...

cli-form (>=0.0.0 <=0.1.4), kik (>=0.0.0 <=1.3.0) potentially affected by unknown CVE via config-doc (=0.1.0)

config-doc NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on config-doc and may be impacted: - cli-form =0.0.0, =0.0.0, =1.3.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-17474...

cli-form (>=0.0.0 <=0.1.4), cli-qa (>=0.0.0 <=2.3.0) +2 more potentially affected by unknown CVE via on-key-press (=0.0.0)

on-key-press NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on on-key-press and may be impacted: - cli-form =0.0.0, =0.0.0, =0.0.0, =0.0.0, =1.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-28228...

gezi-core (>=0.0.0 <=0.0.2), kik-starter (>=2.1.0 <=2.2.0) potentially affected by unknown CVE via parallelly (>=0.0.1 <=0.1.0)

parallelly NPM version =0.0.1, =0.0.0, =2.1.0, =2.2.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-28866...

kik (>=0.0.0 <=1.3.0) potentially affected by unknown CVE via cli-form (=0.1.4)

cli-form NPM version =0.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on cli-form and may be impacted: - kik =0.0.0, =1.3.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-17105...

kik (>=0.0.0 <=1.3.0), kik-starter (=2.2.0) potentially affected by unknown CVE via install-module (>=0.2.0 <=1.1.0)

install-module NPM version =0.2.0, =0.0.0, =1.3.0 - kik-starter =2.2.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-23249...

kik-elektro.nl Cross Site Scripting vulnerability OBB-1304377

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

kik-elektro.nl Cross Site Scripting vulnerability OBB-1285804

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Kik - Certificates or keys found, ContentProvider mode not defined, Dynamic Code Loading vulnerabilities

HackApp vulnerability scanner discovered that application Kik published at the 'play' market has multiple vulnerabilities...

Video For Kik - External URLs, Native code usage, SD-card access vulnerabilities

HackApp vulnerability scanner discovered that application Video For Kik published at the 'play' market has multiple vulnerabilities...

Find Friends For Kik - Customized SSL, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Find Friends For Kik published at the 'play' market has multiple vulnerabilities...

Fontsy: Cool fonts for Kik - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Fontsy: Cool fonts for Kik published at the 'play' market has multiple vulnerabilities...

Chat Rooms for KIK - Customized SSL, Dynamic Code Loading, Exported components vulnerabilities

HackApp vulnerability scanner discovered that application Chat Rooms for KIK published at the 'play' market has multiple vulnerabilities...