17 matches found
Malicious code in study-lab-npm-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddc0a35e84f7b481414283261b7ca20709c25f15da68f387188a9eb0def1b523 The package study-lab-npm-test was found to contain malicious code...
EUVD-2020-1172
Malware in sbrugna...
Malicious code in npm-test-install (npm)
The package npm-test-install was found to contain malicious code...
Malicious code in beishanxueyuan-npm-test (npm)
The package beishanxueyuan-npm-test was found to contain malicious code...
MAL-2025-27847 Malicious code in npm-test-install (npm)
The package npm-test-install was found to contain malicious code...
Malicious code in npm-test-lowerx3 (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9184 Malicious code in shmam-test-npm-test-5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b028136f8820f808eb720a45a7f396272c884a63944c004999ce50781449b6d7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview bbq-123-npm-test is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
Malicious code in npm-test-failer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f5a379a5c56d0b7d910cd1583efec3a5fe98687eef6cc10097b99682dbde7ac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4942 Malicious code in npm-test-failer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f5a379a5c56d0b7d910cd1583efec3a5fe98687eef6cc10097b99682dbde7ac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Downloads Resources over HTTP in npm-test-sqlite3-trunk
Affected versions of npm-test-sqlite3-trunk insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...
GHSA-MF7C-58Q5-7V65 Downloads Resources over HTTP in npm-test-sqlite3-trunk
Affected versions of npm-test-sqlite3-trunk insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...
CVE-2016-10695
The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...
Remote code execution
The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...
CVE-2016-10695
The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...
CVE-2016-10695
The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...
Malicious Test Script
ladder-text-js is vulnerable to malicious test script. The package contains a malicious test script that attempts to delete all files on the system when the npm test command is run...