20 matches found
Malicious Package
Overview node-red-contrib-yolo-object-detection is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...
EUVD-2021-13309
Malware in sbrugna...
electron-staff (=1.0.0), https-curl (=1.7.9) +2 more potentially affected by CVE-2025-55294 via screenshot-desktop (>=0.0.0-development <=1.15.1)
screenshot-desktop NPM version =0.0.0-development, =1.0.0, =1.0.1 Source cves: CVE-2025-55294 Source advisory: OSV:GHSA-GJX4-2C7G-FM94...
Malicious code in @zalastax/nolb-node-red-contrib-i (npm)
The package @zalastax/nolb-node-red-contrib-i was found to contain malicious code...
MAL-2025-12667 Malicious code in @zalastax/nolb-node-red-contrib-a (npm)
The package @zalastax/nolb-node-red-contrib-a was found to contain malicious code...
Malicious code in node-red-contrib-wotkit (npm)
The package node-red-contrib-wotkit was found to contain malicious code...
MAL-2025-12670 Malicious code in @zalastax/nolb-node-red-contrib-d (npm)
The package @zalastax/nolb-node-red-contrib-d was found to contain malicious code...
MAL-2025-27650 Malicious code in node-red-contrib-xmlc14n (npm)
The package node-red-contrib-xmlc14n was found to contain malicious code...
MAL-2025-27651 Malicious code in node-red-contrib-ys7 (npm)
The package node-red-contrib-ys7 was found to contain malicious code...
Malicious code in @zalastax/nolb-node-red-contrib-4 (npm)
The package @zalastax/nolb-node-red-contrib-4 was found to contain malicious code...
MAL-2025-27646 Malicious code in node-red-contrib-storfly-iot-hp (npm)
The package node-red-contrib-storfly-iot-hp was found to contain malicious code...
MAL-2025-12664 Malicious code in @zalastax/nolb-node-red-contrib-2 (npm)
The package @zalastax/nolb-node-red-contrib-2 was found to contain malicious code...
MAL-2025-27641 Malicious code in node-red-contrib-flows_splitter (npm)
The package node-red-contrib-flowssplitter was found to contain malicious code...
Malicious code in node-red-contrib-xmlc14n (npm)
The package node-red-contrib-xmlc14n was found to contain malicious code...
CVE-2021-25864
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...
MAL-2024-9242 Malicious code in node-red-contrib-lowwercase (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 577092139d0eab16ce212c5f1857a5bd55b8632d4d93358b21d74e379dbf7f60 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-26504
Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js...
Directory traversal
Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js...
Directory Traversal
node-red-contrib-huemagic is vulnerable to directory traversal. The vulnerability exists as the res.sendFile parameter in the API in hue-magic.js is not sanitized, allowing an attacker to fetch arbitrary files on the server by appending ../ to the URL of the target host...
CVE-2021-25864
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...