86 matches found
Malicious Package
Overview ig-phantomjs-binaries is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2019-0292
Malware in sbrugna...
EUVD-2021-1113
Malware in sbrugna...
EUVD-2019-0350
Malware in sbrugna...
EUVD-2019-0222
Malware in sbrugna...
EUVD-2022-5707
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-17221
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the...
Linux Distros Unpatched Vulnerability : CVE-2020-7739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SS...
MAL-2025-29114 Malicious code in phantomjs-crawler-demo (npm)
The package phantomjs-crawler-demo was found to contain malicious code...
Malicious code in phantomjs-crawler-demo (npm)
The package phantomjs-crawler-demo was found to contain malicious code...
Malicious code in ig-phantomjs-binaries (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-839 Malicious code in ig-phantomjs-binaries (npm)
--- -= Per source details. Do not edit below this line.=-...
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
Impact yt-dlp's DouyuTV and DouyuShow extractors used a cdn.bootcdn.net URL as a fallback for fetching a component of the crypto-js JavaScript library. When the Douyu extractor is used, yt-dlp extracts this JavaScript code and attempts to execute it externally using PhantomJS. bootcdn.net is owne...
GHSA-3V33-3WMW-3785 yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
Impact yt-dlp's DouyuTV and DouyuShow extractors used a cdn.bootcdn.net URL as a fallback for fetching a component of the crypto-js JavaScript library. When the Douyu extractor is used, yt-dlp extracts this JavaScript code and attempts to execute it externally using PhantomJS. bootcdn.net is owne...
PT-2024-40055 · Phantomjs +2 · Phantomjs +2
Name of the Vulnerable Software and Affected Versions: yt-dlp versions prior to 2024.07.07 Description: The issue arises from yt-dlp's DouyuTV and DouyuShow extractors using a URL from cdn.bootcdn.net as a fallback for fetching a component of the crypto-js JavaScript library. This URL is owned by...
GHSA-GRVQ-VJQR-X8VM Code injection in webmagic-core
webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader...
WebMagic 代码注入漏洞
WebMagic is an open source Java web crawler framework for easily crawling data from the Internet. A security vulnerability exists in WebMagic webmagic-extension v0.9.0 and earlier versions, which stems from a code injection vulnerability in the component...
SUSE CVE-2019-17221
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...
Malicious code in kara-phantomjs-launcher (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a1d7f48c0a82f0da502426b6d31515c48dbbf0bae15494b2a1a2f1735f4248b2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
192.168.0.172 (=4.6.1), 4pm-cli (>=0.0.1 <=0.0.5) +1149 more potentially affected by CVE-2019-17221 via phantomjs (>=0.2.0 <=2.1.1)
phantomjs NPM version =0.2.0, =0.0.1, =2.1.4, =0.1.28, =1.0.3, =4.5.201902251312, =1.5.0, =5.0.201901071713, =5.0.201812141540, =1.0.1-server20190117165116, =1.0.201901260938, =1.0.0, =1.0.0, =1.0.6 and more Source cves: CVE-2019-17221 Source advisory: OSV:GHSA-X43G-GJ9X-838X...