23 matches found
GHSA-G38R-8GMR-GHRF `mysten-metrics` was removed from crates.io for malicious code
mysten-metrics included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...
GHSA-QPRH-M6P3-HWXC `sui-execution-cut` was removed from crates.io for malicious code
sui-execution-cut included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...
RUSTSEC-2026-0108 `sui-execution-cut` was removed from crates.io for malicious code
sui-execution-cut included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...
RUSTSEC-2026-0100 `pretty-changelog-logger` was removed from crates.io for malicious code
pretty-changelog-logger contains a build script build.rs that acts as a loader/dropper for malicious payloads. The malicious crate had 3 versions published on 2026-04-08 that had a total of 2239 downloads. There were no crates depending on this crate on crates.io. Thanks to Socket.dev for detecti...
cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...
Malicious code in nspack (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7741f090145e1e4bbd7998edba9c8151bd5dd3380adaa430e8f05cb2c814396f These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...
CVE-2026-25063
gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious Gradle build file. Th...
CVE-2026-25063
gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious Gradle build file. Th...
CVE-2026-25063
gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious Gradle build file. Th...
CVE-2026-25063 gradle-completion has a Bash command injection issue
gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious Gradle build file. Th...
CVE-2026-25063 gradle-completion has a Bash command injection issue
gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious Gradle build file. Th...
CVE-2026-25063
CVE-2026-25063 affects the gradle-completion project (Bash and Zsh completion for Gradle). The issue is a command injection in the Bash completion logic up to and including version 9.3.0, where Gradle task names or descriptions containing backticks can be evaluated as shell commands during Bash t...
CVE-2026-25063 gradle-completion has a Bash command injection issue
gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious Gradle build file. Th...
PT-2026-5364
Name of the Vulnerable Software and Affected Versions gradle-completion versions prior to 9.3.1 Description gradle-completion offers Bash and Zsh completion support for Gradle. A command injection issue exists in versions up to and including 9.3.0, potentially leading to arbitrary code execution...
EUVD-2024-0383
Malicious code in bioql PyPI...
podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile
A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the hos...
`postgress` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...
`xrvrv` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...
`envlogger` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...
Attacking The Supply Chain: Developer
In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment IDE, this proof considers the execution of malicious build scripts via injecting commands when th...