2 matches found
MAL-2026-4663 Malicious code in roidjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46b2c3afc1b9dd20ecad5f3b47c333e8324500e3d0102df362aa7c11a60469a0 package.json declares "preinstall": "./bin/install-deps", which causes npm install roidjs to auto-execute bin/install-deps — a 976,568-byte Linux x86...
CVE-2026-35205
Helm's plugin verification flaw allows installation of unsigned plugins when provenance (.prov) is missing, bypassing signature verification. Affected are Helm versions 4.0.0–4.1.3; the issue is fixed in 4.1.4.