195 matches found
pnpm 安全漏洞
pnpm is a package manager in the pnpm open source. A security vulnerability exists in pnpm 10.26.2 and earlier versions, which stems from a missing integrity hash in the HTTP compressed package dependencies stored in the lock file, which could cause the server to serve different content...
go.sum Is Not a Lockfile
I need everyone to stop looking at go.sum, especially to analyze dependency graphs. It is not a “lockfile,”1 and it has zero semantic effects on version resolution. There is truly no use case for ever parsing it outside of cmd/go. go.sum is only a local cache for the Go Checksum Database. It’s a...
Exploit for CVE-2025-66478
fix-react2shell-next One...
Exploit for CVE-2025-55182
🔍 Phoenix SCA Scanner - Universal - Version for CVE-2025-55182...
EUVD-1999-1168
Malware in sbrugna...
EUVD-2010-1154
Malware in sbrugna...
EUVD-2025-15407
Malicious code in bioql PyPI...
EUVD-2022-1409
Malicious code in bioql PyPI...
Malicious code in pnpm_prune_lockfile_v9 (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-47717 Malicious code in pnpm_prune_lockfile_v9 (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-47716 Malicious code in pnpm_prune_lockfile_v8 (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in pnpm_prune_lockfile_v8 (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in pnpm_lockfile_file_v9 (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-47715 Malicious code in pnpm_lockfile_file_v9 (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in pnpm_lockfile_file_v8 (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-47714 Malicious code in pnpm_lockfile_file_v8 (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-47021 Malicious code in rushstack-lockfile-explorer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00ab388958610beed90f3054ac980a3e187917b93ec99f6f75cbeeff5c3f5dbe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview rushstack-lockfile-explorer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in rushstack-lockfile-explorer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00ab388958610beed90f3054ac980a3e187917b93ec99f6f75cbeeff5c3f5dbe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Incorrect Behavior Order
lockfile-lint-api is vulnerable to Incorrect Behavior Order. The vulnerability is due to early validation of the resolved attribute in package URLs, which can be bypassed by extending the package name, allowing attackers to install unintended npm packages...