15 matches found
MAL-2025-89645 Malicious code in putri-donat75-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea059dbfe4011041338bfaeb8b693c6b3e0532c743474bb463e0f0b9a5a4706b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-89250 Malicious code in oktafian-gudeg46-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79babee1eeaae3ce3e5bcd2fb9ceec8fd5d3abb6f07a2bdae46fa3748c1b2042 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-76048 Malicious code in vida-tiwul36-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1edc23caa97f9f65398fda51ea494c18eb88a6464330769904302c3ea6ea2b77 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2017-18355
Installed packages are exposed by nodemodules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "where" attribute of package.json files...
CVE-2017-18355
Installed packages are exposed by nodemodules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "where" attribute of package.json files...
mssql-node is malware
The mssql-node package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this module is malware, if you find it installed in your environment, the real security conce...
nodemssql is malware
The nodemssql package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security conce...
GHSA-J68R-23HJ-XF9C node-openssl is malware
The node-openssl package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...
GHSA-3WXQ-7R8M-QPMG ffmepg is malware
The ffmepg package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern ...
GHSA-VV6Q-9CFW-4C83 smb is malware
The smb package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern is...
GHSA-4G54-95XV-F353 http-proxy.js is malware
The http-proxy.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...
Hijacked Environment Variables
Overview The shadowsock package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...
Hijacked Environment Variables
Overview The nodemailer.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...
Hijacked Environment Variables
Overview The ffmepg package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...
Hijacked Environment Variables
Overview The tkinter package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real securit...