Lucene search
K

6 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 12:59 a.m.16 views

Malicious code in weavedb-node-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d174728fc7469b023ece1980797185c35abd74c56e253bc1dc1b295a46a1dbd2 package.json declares "preinstall": "./tools/setup", unconditionally executing a 976KB UPX-packed, stripped Linux x86 ELF on every npm install. The...

6AI score
Exploits0References3
OSV
OSV
added 2026/05/26 12:59 a.m.11 views

MAL-2026-4721 Malicious code in weavedb-node-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d174728fc7469b023ece1980797185c35abd74c56e253bc1dc1b295a46a1dbd2 package.json declares "preinstall": "./tools/setup", unconditionally executing a 976KB UPX-packed, stripped Linux x86 ELF on every npm install. The...

6AI score
Exploits0References3
Snyk
Snyk
added 2026/04/03 3:15 a.m.3 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the node.event process. An attacker can gain unauthorized access to gateway-side tools and execute arbitrary code by dispatching unrestricted agent requests fro...

8.8CVSS6.3AI score0.00444EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/20 4:40 p.m.4 views

Malicious code in spex-node-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0a39b71a7706221a863e8129674f28f4e5a1aec4ad4dfca5cdb243a0a4916901 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.3 views

MySQL2 安全漏洞

MySQL2 is a MySQL client for Node.js by the individual developer Andrey Sidorov. A security vulnerability exists in MySQL2 versions prior to 3.9.3, which stems from incorrect input validation via the keyFromFields function, leading to cache poisoning...

6.5CVSS6.3AI score0.00744EPSS
Exploits1References5
Snyk
Snyk
added 2022/08/19 8:11 a.m.1 views

Malicious Package

Overview opentelemerty-node-client is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8CVSS7.1AI score
Exploits0References3
Rows per page
Query Builder