2 matches found
Malicious code in roidjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46b2c3afc1b9dd20ecad5f3b47c333e8324500e3d0102df362aa7c11a60469a0 package.json declares "preinstall": "./bin/install-deps", which causes npm install roidjs to auto-execute bin/install-deps — a 976,568-byte Linux x86...
CVE-2026-35205
A flaw was found in Helm, a package manager for Kubernetes. A remote attacker could exploit this vulnerability by providing a malicious plugin that lacks a provenance file. Even when signature verification is enabled, Helm would incorrectly install this unverified plugin, bypassing critical...