2873 matches found
EUVD-2025-203036
Malicious code in pp-js-lib npm...
Malicious Package
Overview pp-js-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
MAL-2025-192561 Malicious code in pp-js-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21ef567b818a3642f6a51a1d26f23c897c1ecc73c6e431361ee1512d288ab455 The package pp-js-lib was found to contain malicious code. Source: ghsa-malware ba1fcfff2f6e86511e78c7092763167dfd731beef4f008cc933bf1bb5b4255e1 Any...
curl: Buffer Overflow in cURL Internal printf Function
A critical buffer overflow vulnerability exists in the curl_msprintf function in cURL's internal printf implementation. The function writes formatted output to a user-provided buffer without performing any bounds checking, allowing attackers to overflow arbitrary memory and potentially achieve...
Malicious code in blank-lib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 96f1bcd77950a6cd42af11d0d4fb4ba3d58349cfde6236027341c044e152bfeb This is an infostealer, based on Blank Grabber. It's used as dependency in other malicious packages --- Category: MALICIOUS - The campaign has clearly maliciou...
MAL-2025-192364 Malicious code in blank-lib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 96f1bcd77950a6cd42af11d0d4fb4ba3d58349cfde6236027341c044e152bfeb This is an infostealer, based on Blank Grabber. It's used as dependency in other malicious packages --- Category: MALICIOUS - The campaign has clearly maliciou...
my-fastapi-scaffold (>=0.1.0 <=0.4.0), platform-base-lib (>=0.1.0 <=0.1.6) potentially affected by unknown CVE via fastcrud (>=0.15.1 <=0.16.0)
fastcrud PYPI version =0.15.1, =0.1.0, =0.1.0, =0.1.6 Source cves: unknown CVE Source advisory: SNYK:PYTHON-FASTCRUD-14172730...
Malicious Package
Overview @kiwiiw/ez-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in @ukg-oneapp/common-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b059e51ff63f10ad83b16a1eeebedec98eaba6ac470197fe119a0e5e404af75d The package @ukg-oneapp/common-lib was found to contain malicious code...
MAL-2025-191563 Malicious code in @ukg-oneapp/common-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b059e51ff63f10ad83b16a1eeebedec98eaba6ac470197fe119a0e5e404af75d The package @ukg-oneapp/common-lib was found to contain malicious code...
Malicious code in com.unity.sharp-zip-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cedde339d72e05699d5f33d7c16779f926f419baded72d7cd78d2610395cc807 The package com.unity.sharp-zip-lib was found to contain malicious code. Source: ghsa-malware...
OESA-2025-2753 containerd security update
containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
Malicious Package
Overview bitcoin-lib-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview bitcoin-main-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-199717
Malicious code in bitcoin-main-lib npm...
Malicious code in bitcoin-main-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4f6833ddd073b7c036ec32739e3cb826bd1eda9d3c350eed423548f64f047b2 The package bitcoin-main-lib was found to contain malicious code. Source: ghsa-malware 06ed1aa4aa61f36d953368c74cb3daf102b02842a6a27843021b499b033d71...
MAL-2025-191477 Malicious code in bitcoin-main-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4f6833ddd073b7c036ec32739e3cb826bd1eda9d3c350eed423548f64f047b2 The package bitcoin-main-lib was found to contain malicious code. Source: ghsa-malware 06ed1aa4aa61f36d953368c74cb3daf102b02842a6a27843021b499b033d71...
Malicious code in my-saeed-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d222a4cf76e8e0efb6de33ce203327546a24a125a7b6fa1e70bf04566d4d1dd The package my-saeed-lib was found to contain malicious code. Source: ghsa-malware c835d59a9317a70385922241ebb4aa8a34025c5cef3f3c22e03df1fc6f22042f A...
EUVD-2025-199364
Malicious code in my-saeed-lib npm...
CVE-2025-64506 LIBPNG is vulnerable to a heap buffer over-read in `png_write_image_8bit` with grayscale+alpha or RGB/RGBA images
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's `png_write_image_8bit` function when processing 8-bit images through t...