55 matches found
MAL-2026-10431 Malicious code in @tailwind-ts/eslint-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8feb6293e6f7cb00a6c6ab82e6d04f8eae29e846ae0abb8a1d65e2cdfbbc9c7 Package is published as an ESLint plugin for Tailwind CSS v4, but the shipped code implements unrelated Polymarket Kelly stake math and a postinstall...
MAL-2026-6678 Malicious code in ts-linting-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c719aef78218f6b59b9f209c41eff610782c86c2ced5aeabe288218ac3c4f880 On npm install, the package's postinstall script test.js invokes routines in index.js that recursively scan the current working directory and the...
Malicious code in ts-linting-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c719aef78218f6b59b9f209c41eff610782c86c2ced5aeabe288218ac3c4f880 On npm install, the package's postinstall script test.js invokes routines in index.js that recursively scan the current working directory and the...
CVE-2026-12528
A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI Access Control Instruction string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after...
CVE-2026-46374 SQLFluff: Uncontrolled Resource Consumption in Parser
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...
GHSA-92MM-2PJQ-R785 vulnerabilities
Vulnerabilities for packages: kubescape-server-fips, grype, grype-fips, terraform, terraform-fips, crossplane-provider-terraform-fips, kots, xeol-fips, opentofu-fips, syft, packer, task-fips, k9s-fips, chainctl-fips, conftest-fips, crossplane-provider-terraform, tflint, conftest, cloudbeat,...
MAL-2026-2177 Malicious code in linting (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5cb47704e5a0d8d5d241dd382567f85027854c50652bb5889cde58c2b6db00a7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in eslint-plugin-superhuman-custom-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e50258e14acd3712854f3059d043b8c4982563ab8d401555b253702a3212279 The package eslint-plugin-superhuman-custom-rules was found to contain malicious code...
EUVD-2026-3169
Malicious code in eslint-plugin-fuel-react npm...
EUVD-2026-1618
Malicious code in @zuora-marketing/linting npm...
Malicious code in @zuora-marketing/linting (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddcfd1151af868e694a4a79307ce1284331ad88b8ff631651f3fd2c47fbf342a The package @zuora-marketing/linting was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-168 Malicious code in @zuora-marketing/linting (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddcfd1151af868e694a4a79307ce1284331ad88b8ff631651f3fd2c47fbf342a The package @zuora-marketing/linting was found to contain malicious code. Source: ossf-package-analysis...
golang-cicd-poc
Golang CI/CD POC Project POC project for trying out different...
EUVD-2025-176037
Malicious code in technosignature-eslint-plugin-deimos-stop npm...
Malicious code in eslint-config-socketio-development-event (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29f4ba7bcceda7e6c47a55286d07be81507c98e76b1293b35e26b1670af017aa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-122842
Malicious code in readable-eslint-config-fomalhaut-dotenv npm...
MAL-2025-142206 Malicious code in eslint-config-prettier-plugin-markdown-zephyr-airbnb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81b3ef52b43da2fe6d4c198943373ceb6eaaa3a2711589e609220e6dcda6cf2c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eslint-plugin-ethereumjs (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious Package
Overview vite-linting-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2021-17424
Malware in sbrugna...