20478 matches found
Cross-site Scripting (XSS)
ibexa/admin-ui is vulnerable to cross-site scripting XSS. The vulnerability is due to improper escaping of user-controlled input in image asset names, content language names, and future publishing within the back office, which allows an attacker with editor or administrator-level permissions to...
Cross-Site Scripting (XSS)
ezsystems/ezplatform-admin-ui is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper escaping of user-controlled input in image asset names, content language names, and future publishing features, which allows an attacker with back-office editor or administrator privilege...
Storybook manager bundle may expose environment variables during build
On December 11th, the Storybook team received a responsible disclosure alerting them to a potential vulnerability in certain built and published Storybooks. The vulnerability is a bug in how Storybook handles environment variables defined in a .env file, which could, in specific circumstances, le...
Shai Hulud 2.0, now with a wiper flavor
In September, a new breed of malware distributed via compromised Node Package Manager npm packages made headlines. It was dubbed "Shai-Hulud", and we published an in-depth analysis of it in another post. Recently, a new version was discovered. Shai Hulud 2.0 is a type of two-stage worm-like malwa...
Malicious code in org.mvnpm:posthog-node (Maven)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ea90a5928d7667bed4fa9f6effbbe6c8d3ad6521ca51ca2b01551bc02373a7d2 This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and...
Malicious code in @voiceflow/tsconfig-paths (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fb7c02b11afed895db4edc03c6318bb09005f30253dcea72d4d1b0876478212 The package @voiceflow/tsconfig-paths was found to contain malicious code. Source: google-open-source-security...
Malicious code in @oku-ui/toolbar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03a495471a804035cd3e91e35335246931ccea65636ad279226ab2a39b0f1283 The package @oku-ui/toolbar was found to contain malicious code. Source: google-open-source-security...
Malicious code in @voiceflow/runtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a8c6b88ad67d8ceece37df9641f6712f7047aa566957d0937eb3ca99aed10dd The package @voiceflow/runtime was found to contain malicious code. Source: ghsa-malware...
Malicious code in axios-cancelable (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7210c0ae0996b1026ba173fc3f0628154433a7a8ba971106d24dab744d6d28ec The package axios-cancelable was found to contain malicious code. Source: ghsa-malware 34b03d17fe2a4d83f67cbda737712693abb19fc4da135fab010adb7aeeb82d...
Malicious code in @voiceflow/vitest-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75f61861d4cf96b95713be7af95e0e0480df49eb37236e6e59c838c165584781 The package @voiceflow/vitest-config was found to contain malicious code. Source: google-open-source-security...
Malicious code in @oku-ui/dismissable-layer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e3f3fce07b25fef3b52f9f9cccfdaa44fd55e8721c6d7c287e1fbd9379359f0 The package @oku-ui/dismissable-layer was found to contain malicious code. Source: google-open-source-security...
Malicious code in @pergel/nuxt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 254d004d3481a4de85486f384ce71966afc1887442207235accfc350ceab39cc The package @pergel/nuxt was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191304 Malicious code in @productdevbook/motion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb45b7de755c9fc05b4e11c52b0fa3c376e5e02e755f4996eedbef4497428872 The package @productdevbook/motion was found to contain malicious code. Source: google-open-source-security...
Malicious code in @dev-blinq/ui-systems (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ce530512b608913637db50ce0058d08d5afb8173c8b5968023c9b9665bcde49 The package @dev-blinq/ui-systems was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191393 Malicious code in dialogflow-es (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc28670a312b03ed84a92c48dcc51356053c6dc516a8360a44e47eed31815486 The package dialogflow-es was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191269 Malicious code in @oku-ui/provide (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bceb097a6beb77ac5fc263ee454d0ecd1017974f1c061ea01befb653de24d561 The package @oku-ui/provide was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191290 Malicious code in @posthog/filter-out-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e29182ef33e7d24b6f775624daaa2eb546ce24fe4d768adf7c561c4e7084d5ff The package @posthog/filter-out-plugin was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191381 Malicious code in @voiceflow/utils-designer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d83852017d65f3a25b666647c727aaa3aa5db8f3916196a20d92b476e0e8f13 The package @voiceflow/utils-designer was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191400 Malicious code in nuxt-keycloak (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbb088ab2b0e4b6991065c6bcdc57302ff545bb3fe2f2a73ec21fafeae1175f8 The package nuxt-keycloak was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191357 Malicious code in @voiceflow/nestjs-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6d3635e3e4ea7fe67bd91fc10dbb52d16b29a74193117747292587c6fd1d5ef The package @voiceflow/nestjs-common was found to contain malicious code. Source: ghsa-malware...