Malicious Package

Overview @cloudplatform-single-spa/enterprise is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

Malicious code in weavedb-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 886f22636b5e4726978e23b10a4311fb7e65c2b10003da72429348fa617884d1 package.json declares "preinstall": "./vendor/setup", which runs a 976KB packed Linux x86 ELF binary sha256...

Malicious code in class-weaver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4e45cdd0a93db2db56ae7fd2c348305a5ce7aeab9c6fb4b2331c2a547b2c5e7 class-weaver advertises itself as a className/theme utility keywords clsx, utils, styling; exports named classNames and twMerge mimicking...

Astra Linux - уязвимость в node-ejs

The ejs also known as Embedded JavaScript templates package in Node.js before version 3.1.10 lacked certain measures to prevent pollution...

Malicious code in glass-of-water (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df79336313f71fac8158ff6f3e0160d0e99a8d1d84c452505fd3739af5838a69 glassofwater/init.py embeds 10 Google Gemini API keys AIzaSy... split across 5-part dictionaries and reassembled at runtime by getapikey L6-19. The...

Malicious code in venturo-playwright-runner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e63f5fe21c0fe70b9b120a217b3d1b14e765c47de231eb03d0d763c471fbd4e The package republishes Microsoft's @playwright/test under the unrelated name venturo-playwright-runner and falsifies its identity to claim Microsoft...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

CLEANSTART-2026-MP82813 Security fixes for CVE-2026-33186, CVE-2026-39882, CVE-2026-39883, CVE-2026-40179, ghsa-mqqf-5wvp-8fh8 applied in versions: 1.21.0-r0, 1.21.0-r1

Multiple security vulnerabilities affect the cortex package. These issues are resolved in later releases. See references for individual vulnerability details...

NPM: vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary

NPM: vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

PT-2026-37365

These are all security issues fixed in the gnutls-3.8.13-1.1 package on the GA media of openSUSE Tumbleweed...

GHSA-VM22-5C7Q-8W8H vulnerabilities

Vulnerabilities for packages: chromium...

Malicious code in node-metrica (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 383d9c273b104a26749eb5f7f5ceb732c407b08002e5017418eb19563cb5b536 The package node-metrica was found to contain malicious code...

MAL-2026-2735 Malicious code in buildkite-test-collector-playwright-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9f3f80367ea53fbaf542c199729a13115d8d848157327188cf365303af1d1f3 The package buildkite-test-collector-playwright-example was found to contain malicious code...

admin-auth0 (>=0.1.1 <=0.1.5), aldryn-django (>=4.2.10.0 <=4.2.18.0) +126 more potentially affected by CVE-2026-4277 via django (>=4.2.0 <=4.2.3)

django PYPI version =4.2.0, =0.1.1, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.0.9, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =4.17.1 and more Source cves: CVE-2026-4277 Source advisory: OSV:PYSEC-2026-52...

SUSE: Security Advisory (SUSE-SU-2026:1058-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-PQ2Q-RCW4-3HR6 vulnerabilities

Vulnerabilities for packages: k3s...

Malicious code in batch-shipyard (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 83ca35f9b1e5fc77913037dde16ad175609dddc219e613c9dae7f752b112568f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in env-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9fdb2ca296901d2020b959a63ec369c661ac063698529ced5230cd04717a5c0 The package env-nodejs was found to contain malicious code...

Malicious code in ecto-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a678fddfc2d44cf68ad36ea2ec4225f695540faeefd1e528f65887f3f32555ef The package ecto-engine was found to contain malicious code...

Malicious code in yahoo-commerce (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3725b1c28bf27cb9ae988e61fc0c7b790b588587cef59086e7d63460f2241a9 The package yahoo-commerce was found to contain malicious code...