@makerdao/testchain-client (>=0.0.1 <=0.3.0-beta.0) potentially affected by CVE-2021-46871 via phoenix_html (=2.14.3)

phoenixhtml NPM version =2.14.3 is affected by a known vulnerability. The following packages have a transitive dependency on phoenixhtml and may be impacted: - @makerdao/testchain-client =0.0.1, =0.3.0-beta.0 Source cves: CVE-2021-46871 Source advisory: OSV:GHSA-5G2H-9X5V-5H3X...

MAL-2022-4465 Malicious code in makerdao-governance-bot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c1ac0e725d092b660fd4c21ffdc91cd9a401b00436349e08563ea9661e049d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in makerdao-governance-bot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c1ac0e725d092b660fd4c21ffdc91cd9a401b00436349e08563ea9661e049d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

BlockDev Sp. Z o.o: Blind SSRF at https://chat.makerdao.com/account/profile

Blind SSRF at https://chat.makerdao.com/account/profile...

BlockDev Sp. Z o.o: UNRESTRICTED FILE UPLOAD AT chat.makerdao.com

Uploading any file types to the company chat...

BlockDev Sp. Z o.o: Wordpress users disclosure on blog.makerdao.con

Wordpress users disclosure on blog.makerdao.con...