Malicious code in moneykit-cardano-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6186e5ec8b6cea4f1cec3b4284cf09f2e317dd7d745fb5f88e15b355497d08e package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identifiers and OS files —...

CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

CVE-2021-39135

@npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...

Malicious Package

strongpassword v0.0.7 is a malicious package. The vulnerability exists as it hides a remote code execution exploit in this version of the gem. The package contents from https://pastebin.com/raw/xa456PFt would then be executed...

Mandriva Linux Security Advisory : python-setuptools (MDVSA-2013:227)

A vulnerability has been discovered and corrected in python-setuptools/python-virtualenv : easyinstall in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute...