27 matches found
EUVD-2025-124357
Malicious code in nodejs-framework-taurus-pyxis npm...
GHSA-4MXG-3P6V-XGQ3 Node-SAML SAML Signature Verification Vulnerability
Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any...
Malicious Package
Overview klook-node-framework-cache is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Note: This malicious package was uncover...
Malicious Package
Overview klook-node-framework is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Note: This malicious package was uncovered by...
Malicious Package
Overview klook-node-framework-country is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Note: This malicious package was...
Malicious Package
Overview klook-node-framework-currency is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Note: This malicious package was...
Malicious Package
Overview klook-node-framework-device is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Note: This malicious package was...
Malicious Package
Overview klook-node-framework-experiment is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Note: This malicious package was...
Malicious Package
Overview klook-node-framework-site is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Note: This malicious package was uncovere...
Malicious code in klook-node-framework-affiliate (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21b1cdc9ea951f92ba3f8f343451ce74f4664b7bdb1ff86366e482f2e7e64d20 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-383 Malicious code in @klooks/klook-node-framework (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware baad0360ec71158eb645316dc4409dfa8d384703bf0ac982711d1b07c46cda66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in klook-node-framework (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac3ca851b52bc50b184ac2ebca0e2283c3d3fab6ea094f79dcc14b95b2773cb9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4180 Malicious code in klook-node-framework-affiliate (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21b1cdc9ea951f92ba3f8f343451ce74f4664b7bdb1ff86366e482f2e7e64d20 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @klooks/klook-node-framework (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware baad0360ec71158eb645316dc4409dfa8d384703bf0ac982711d1b07c46cda66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4183 Malicious code in klook-node-framework-currency (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6dfbd858e876e2b63bc6ef2abe24353357a0ac6a6f97ed538729463089dc205b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in klook-node-framework-language (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1eed60bd55fdabc1815373bcf1c8f18cd1d1d60b52918c8b04498c826bba9044 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4182 Malicious code in klook-node-framework-country (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0b053bd6066e9b0bea2f93700dbe3c90ebd99848471f6861000846edf0a2d9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4181 Malicious code in klook-node-framework-cache (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4267822732a6d0f193fd615a76cc4ef9c1bf9aeea6a25a63e3a0b68690360e9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4187 Malicious code in klook-node-framework-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7e4d6c6021022e6b3003b4d5c34f53d48767cb50cdc35f94b30d527e19e4f11 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4188 Malicious code in klook-node-framework-site (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db3790c54915e431cf9b3177bb3d1ecf05ede64d886816930b922bb93a0c0a95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...