Lucene search
K

21 matches found

Snyk
Snyk
added 2026/06/06 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.12 views

Embedded Malicious Code

Overview gpsea is a Python package for finding genotype-phenotype associations. Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that ha...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.8 views

Embedded Malicious Code

Overview embiggen is a graph machine learning submodule of the 🍇 GRAPE library. Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that ha...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Veracode
Veracode
added 2026/05/12 7:56 p.m.25 views

Embedded Malicious Code

@tanstack/ packages are vulnerable to Embedded Malicious Code. The vulnerability is due to misconfigured GitHub Actions workflows and cache poisoning weaknesses that allowed attackers to extract OIDC tokens and publish malicious package versions under a trusted identity...

9.6CVSS6AI score0.02342EPSS
Exploits3References7Affected Software42
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/22 10:6 p.m.7 views

Malicious code in xinference (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1d006f6a08c959393160456d4ace221fd165b6d609fc8356ebfb041979aef93d Versions 2.6.0, 2.6.1, 2.6.2 were compromised. Following a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI...

5.4AI score
Exploits0References6
OSV
OSV
added 2026/04/22 10:6 p.m.11 views

MAL-2026-3000 Malicious code in xinference (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1d006f6a08c959393160456d4ace221fd165b6d609fc8356ebfb041979aef93d Versions 2.6.0, 2.6.1, 2.6.2 were compromised. Following a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI...

5.5AI score
Exploits0References6
Veracode
Veracode
added 2026/03/26 7:49 a.m.6 views

Software Supply Chain Compromise

github.com/aquasecurity/trivy is vulnerable to software supply chain compromise. The vulnerability is due to compromised credentials and non-atomic credential rotation, which allowed an attacker to publish malicious releases and modify version tags, enabling them to inject credential-stealing...

9.4CVSS6AI score0.60368EPSS
Exploits2References15Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/24 5:53 p.m.24 views

Trivy ecosystem supply chain was briefly compromised

Summary On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious commits. On March 22...

9.4CVSS6.2AI score0.60368EPSS
Exploits2References16Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/03/23 9:47 p.m.3 views

CVE-2026-33634

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

9.4CVSS5.9AI score0.60368EPSS
In wildExploits2References11Affected Software5
Snyk
Snyk
added 2026/03/15 11:0 p.m.5 views

Embedded Malicious Code

Overview react-native-international-phone-number is an International mobile phone input component with mask for React Native Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised and a malicious version was released on...

9.8CVSS5.7AI score
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-27053

Malicious code in bioql PyPI...

9.9CVSS6.5AI score0.0075EPSS
Exploits0References2
Vaadin
Vaadin
added 2025/09/26 12:0 a.m.22 views

Vaadin Flow, Hilla and the September 2025 npm supply-chain attacks

Recently two major npm supply-chain attacks have been reported, raising concerns about the safety of the broader software ecosystem, including for Vaadin users. The first incident involved compromised maintainer accounts and malicious releases of widely used packages such as debug and chalk. The...

7.4AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/09 10:30 a.m.10 views

Malicious code in @duckdb/node-api (npm)

The DuckDB Node.js package @duckdb/node-api version 1.3.3 was compromised with malware through a sophisticated phishing attack targeting the DuckDB maintainers. An attacker created a pixel-perfect copy of the npmjs.com website at npmjs.help domain and tricked a maintainer into logging in and...

7.2AI score
Exploits0References1
The Hacker News
The Hacker News
added 2024/01/18 12:34 p.m.35 views

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

Continuous integration and continuous delivery CI/CD misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to "conduct a supply chain compromise of...

8.9AI score
Exploits0
Rows per page
Query Builder