EUVD-2026-1835

Malicious code in mixpanel-lib npm...

MAL-2026-176 Malicious code in mixpanel-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b11bdefc18a5b590716cefe2036f1f759ccb42fd3c22c420ac524a479ff9f01 The package mixpanel-lib was found to contain malicious code. Source: ghsa-malware 03fe07795e21df3debb6abf06b5b47f19ddd7996e5be6b06d8dd07fa37e7cd2f A...

Malicious Package

Overview mixpanel-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in mixpanel-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b11bdefc18a5b590716cefe2036f1f759ccb42fd3c22c420ac524a479ff9f01 The package mixpanel-lib was found to contain malicious code. Source: ghsa-malware 03fe07795e21df3debb6abf06b5b47f19ddd7996e5be6b06d8dd07fa37e7cd2f A...

Pornhub tells users to expect sextortion emails after data exposure

After a recent data breach that affected Pornhub Premium members, Pornhub has updated its online statement to warn users about potential direct contact from cybercriminals. “We are aware that the individuals responsible for this incident have threatened to contact impacted Pornhub Premium users...

OpenAI API User Data Exposed in Mixpanel Breach, ChatGPT Unaffected

OpenAI confirmed a third-party data breach via Mixpanel, exposing limited API user metadata like names, emails and browser…...

MAL-2025-190500 Malicious code in com.mixpanel.unity (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a617ed7539b6703818676ef051a6c12331b0e014026d1b56fb7d72775d7ad5a1 The package com.mixpanel.unity was found to contain malicious code. Source: ossf-package-analysis...

EUVD-2012-5472

Malware in sbrugna...

Malicious code in sheets-mixpanel (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-11454 Malicious code in sheets-mixpanel (npm)

--- -= Per source details. Do not edit below this line.=-...

Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners

UPDATE Amazon’s Ring Doorbell app for Android is a nexus for data-harvesting, according to an investigation by the Electronic Frontier Foundation EFF. Privacy advocates allege Ring goes so far as to silently deliver updates on Ring customer usage to Facebook, even if the Ring owner doesn’t have a...

Liberapay: twitter api access token leaked on github

sensitive token were leaked on GitHub page of liberapay . also mixpanel token was leaked TWITTERCONSUMERKEY=QBB9vEhxO4DFiieRF68zTA TWITTERCONSUMERSECRET=mUymh1hVMiQdMQbduQFYRi79EYYVeOZGrhj27H59H78 +TWITTERACCESSKEY=34175404-G6W8Hh19GWuUhIMEXK0LyZsy7N9aCMcy1bYJ9rI...

CVE-2012-5585

Cross-site scripting XSS vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token...

Cross site scripting

Cross-site scripting XSS vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token...

CVE-2012-5585

Cross-site scripting XSS vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token...

CVE-2012-5585

Affected software: Drupal Mixpanel contributed module (6.x-1.x) prior to 6.x-1.1. Vulnerability: Cross-site scripting (XSS) due to insufficient escaping of the Mixpanel token when injecting the tracking Javascript. Prereq/impact: Requires a user with the “access administration pages” permission; ...

SA-CONTRIB-2012-167 - Mixpanel - Cross site scripting (XSS)

This module provides integration with the Mixpanel real-time analytics service. The module doesn't sufficiently escape the Mixpanel token when adding the tracking Javascript to the page. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access...