311864 matches found
MAL-2026-2268 Malicious code in gemini-ai-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 db2be37ea455b54b825242a3f66310fdf3f70e50b1dc1a234fa3ebb534afa857 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
MAL-2026-2257 Malicious code in xpna-context (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 678a96ef06b05d2ab867c1eea4dbed1cfc69f99cb4904e02c48736df0da7695e The package xpna-context was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in dgxeon-soket-buttonx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a92a6c68bc523541697f8bb80096a0b9425efac6c8413c08e4dea82afad4e4a The package dgxeon-soket-buttonx was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2252 Malicious code in dgxeon-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d41bea5fa12db95f82f32ef9f61f3e7dc60e7ef381589dff3780e758c19441f5 The package dgxeon-baileys was found to contain malicious code. Source: ghsa-malware 6c59d91ff6ae7727c79a7dfac9d7a7251193e519cf4f1f846a7368c1db065340...
Malicious Package
Overview sitewidesearch-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in chai-as-added (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 121a09e21b10c98f705a02343e235a9800c57b33a81abf364a47c3af69b6ceb4 The package chai-as-added was found to contain malicious code. Source: ghsa-malware 8d5056d792b6ced90bb9fe5c9ebd1726cc6bd61554739bb67c933cf4f7f50840...
MAL-2026-2249 Malicious code in chai-as-added (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 121a09e21b10c98f705a02343e235a9800c57b33a81abf364a47c3af69b6ceb4 The package chai-as-added was found to contain malicious code. Source: ghsa-malware 8d5056d792b6ced90bb9fe5c9ebd1726cc6bd61554739bb67c933cf4f7f50840...
Malicious code in test1sharp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 870c745216e287e72f189910e8bd7369f6d6aedbabf85077bfe170b2d1e1de12 The package test1sharp was found to contain malicious code. Source: ghsa-malware c18dd124c0c097c8c6e277f7fd86c791a6d988ecb5545f5811c669e6c1269a95 Any...
Malicious code in testtestsharp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d76d90d4c0413d045792eb3caf31ab7aa89d88854a891b2327107997b39eef91 The package testtestsharp was found to contain malicious code. Source: ghsa-malware a60a14bbd40854d1657cc0976cb3cd48a5cf74e75ed0be4db3d263ccbb782392...
MAL-2026-2250 Malicious code in test1sharp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 870c745216e287e72f189910e8bd7369f6d6aedbabf85077bfe170b2d1e1de12 The package test1sharp was found to contain malicious code. Source: ghsa-malware c18dd124c0c097c8c6e277f7fd86c791a6d988ecb5545f5811c669e6c1269a95 Any...
Malicious code in @ev-tech/eva-container-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 000e7dc4c22d822e052329e85f5a615743547eaafc111f35576b780059ca2afb The package @ev-tech/eva-container-api was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @ev-tech/eva-container-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-2246 Malicious code in @ev-tech/eva-container-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 000e7dc4c22d822e052329e85f5a615743547eaafc111f35576b780059ca2afb The package @ev-tech/eva-container-api was found to contain malicious code. Source: ghsa-malware...
Malicious code in shop-republik-ch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3fe1a756db5b61e6883fb43ab2f27fd56333e302ad597c4bb9f1743b1f19b6 The package shop-republik-ch was found to contain malicious code. Source: ghsa-malware b68c5977e45306e58eda4d2345cb1ac0eba178c179064471f3327a30915e6d...
MAL-2026-2248 Malicious code in shop-republik-ch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3fe1a756db5b61e6883fb43ab2f27fd56333e302ad597c4bb9f1743b1f19b6 The package shop-republik-ch was found to contain malicious code. Source: ghsa-malware b68c5977e45306e58eda4d2345cb1ac0eba178c179064471f3327a30915e6d...
PT-2026-28466
Name of the Vulnerable Software and Affected Versions Home Assistant versions 2020.02 through 2026.01 Description Home Assistant, an open-source home automation software, contains a flaw where an authenticated user can inject malicious code into a device entity name. This allows for Cross-Site...
Embedded Malicious Code
Overview telnyx is a library that provides convenient access to the Telnyx REST API from any Python 3.9+ application. The library includes type definitions for all request params and response fields, and offers both synchronous and asynchronous clients powered by httpx. Affected versions of this...
Malicious code in requests-testik111 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 72561775d8d7a7c1e47c83f2a7e13ed9eeb776d05ca6924cfcceaca7cad0cfef Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in browserstack-electron-forge-include-package-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e23283b4b946444b885ae39acf12ae0ca55ddd864863df70b0fcf84f5c5c57b3 The package browserstack-electron-forge-include-package-plugin was found to contain malicious code. Source: ossf-package-analysis...
CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...