CVE-2026-44972
GuardDog (CLI) versions 2.6.0–2.9.0 output attacker-controlled filenames, file locations, messages, and code snippets without escaping terminal control characters. This allows injection of ANSI/OSC escape sequences into analyst terminals or CI logs, enabling terminal manipulation or spoofed outpu...
CVE-2026-44972 GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content
GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...
MAL-2025-159188 Malicious code in makan-aigoa-iaum (npm)
Source: amazon-inspector 57a3b86437a02431772340472e041f31a700621fa65081d948e7db488d33df72. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eslint-plugin-process-sails-update (npm)
Source: amazon-inspector 54131fa2d2dcc4b78de6cb5b6d09342e6dc5740aaa9fbbe5e0ec5cac6985a259. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in characteristic_mite_aqua-23 (npm)
Source: amazon-inspector 5185433554a44e8b08af8cd172e3af0b0cb7a7dc5e2172a05144f88c5cf0b133. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cici-ketoprak32-riris (npm)
Source: amazon-inspector f4ffc9074c0d0e217926727cd27d0771a05956fe896e122a3e3dc367a73aaaa9. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-68588 Malicious code in grieving-amethyst-tuna (npm)
Source: amazon-inspector 747575ade7f734a7f2a68f956dc0d042ef62ddbfa251fba3fe90dc5b0c8845ad. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2024-42381
os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which...
Man-in-the-Middle (MitM)
caelum-stella is vulnerable to man-in-the-middle attacks. The library resolves dependencies via an insecure HTTP channel, allowing a man-in-the-middle attacker to intercept and modify package content and potentially introduce malicious code into the downloaded dependencies...