Malicious code in lullaby_4edz4_qrv4x_hush (npm)

The package lullaby4edz4qrv4xhush was found to contain malicious code...

MAL-2025-9990 Malicious code in @zalastax/nolb-_exr (npm)

The package @zalastax/nolb-exr was found to contain malicious code...

MAL-2025-36531 Malicious code in test-mlw2-twite-chins (npm)

The package test-mlw2-twite-chins was found to contain malicious code...

MAL-2025-34873 Malicious code in test-mlw2-amend-agism (npm)

The package test-mlw2-amend-agism was found to contain malicious code...

MAL-2023-5448 Malicious code in py-pipstudystr (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 78bfa63672e16b73bb37d6ebd2edf36145be7235d025fe1d73b01eba7b07596a EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Malicious code in yelp_map_engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc0e065f97aa48a1c14b34413686b75a0bd2f8c7ff87df9a5d5ece8040e26348 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2019-3881

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...