12 matches found
Malicious code in @shije/new-qs (npm)
Source: amazon-inspector c217f00985a52bf4f5fbfa5dc34780dec977ad068e3d7f410e3ffa43a1df1e7d The package @shije/new-qs was found to contain malicious code. Source: ghsa-malware 78d2627d513a4310f6f6edc23265e8b98bd4d9f33fca8ff85b0380275e54bfd9...
MAL-2025-192576 Malicious code in sd-security (npm)
Source: amazon-inspector 429e5a82bf0260fda2c531fb7909cf8b8417e424119df889ee7bad0ca4b439c2 The package sd-security was found to contain malicious code. Source: ghsa-malware e295e65302840407a5f64ae51ff2616121573aa518cd29d40198edf692c604de An...
CVE-2025-56795
CVE-2025-56795 affects Mealie 3.0.1 and earlier, with a stored XSS in the recipe creation feature. Unsanitized input in the note/text fields of the path “/api/recipes/{recipe_name}” is rendered in the frontend without proper escaping, causing persistent XSS. Root cause: lack of input sanitization...
Malicious code in com.unity.multiplayer.tools (npm)
Source: ghsa-malware 2c13b40d85fcab5bdfc69f73e935783405ed1d0304f221df3da1726462e86953 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US
The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm...
Malicious code in my-app-name (npm)
Source: ghsa-malware e3b688286528def3945fc6d678e314a2678fdddd35def920c64e4c311a29d416 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in updated-script-retail-tycoon-2-script-h-a-c-k-9u9pw3 (npm)
Source: ghsa-malware 10991d290106057e87a9d1c0c73b0dd03e2ccad25e2eaef6547a2feb1551f4c0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @juiggitea/alias-excepturi-quod-aut (npm)
Source: ghsa-malware 123c306817265ec80fca6a2c46d5b684a96b4d89b1f0dfe63eaf585e754a3a47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @spgy/eslint-plugin-spgy-fe (npm)
Source: ghsa-malware 0f153ed03ad775543b9a2c5ba45f744fdb6dc3bdd3de7734a273488881a1353a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tohe-doc-resources (npm)
Source: ghsa-malware 17a9a9c63d20d34ca8cd59f2c43090e89223718888b73e20c38ba84477ee6d02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in uniswap.org (npm)
Source: ghsa-malware df9e81c2cfb7449079ce04d2d397b16d6610f7a1d6316d8632fab2f5a979b1fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in adbuil (npm)
Source: ghsa-malware 0861227eb6092939065e8aff16bbeea5a698ff9376aada45b9828c82547551a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...