218 matches found
CVE-2021-23391
This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality...
GO-2021-0068 Arbitrary code injection via the go command with cgo on Windows in cmd/go
The go command may execute arbitrary code at build time when using cgo on Windows. This can be triggered by running go get on a malicious module, or any other time the code is built...
`mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
...
Malicious Module
bowee has a malicious module in the form of a preinstall script. The script gets a backdoor file from a remote server and executes it, subsequently giving full control of the computer to an external malicious entity...
Malicious Module
donotinstallthis was a malicious module. A malicious script was executed as a part of installation, allowing it to hijack environment variables to track and send information on how many installations were done...
CVE-2017-16207
discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin...
CVE-2017-16207
discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin...
CVE-2017-16081
cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16075
http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16074
crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16078
shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16076
proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16077
mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16080
nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
Code injection
proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
Code injection
gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
Code injection
mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16067
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16064
node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16060
babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...