
4 matches found

OSV
added 2026/06/19 4:35 p.m., 22 views

GHSA-Q7J3-V8QV-22VQ OpenTofu: Possible arbitrary file read during certain git operations via a maliciously crafted URL

Impact: Possible data exposure. Summary: While downloading packages from a maliciously crafted URL, some git operations against that URL could allow arbitrary file read. This might allow disclosure of confidential information. Details: OpenTofu relies on go-getter for downloading packages like...

CVSS 7.5, AI score 6
Exploits: 0, References: 9
OSSF Malicious Packages
added 2026/05/12 7:42 a.m., 14 views

Malicious code in @chahuadev/junk-sweeper-app (npm)

Source: amazon-inspector 3d446150767f92344d8d0a699f5879bd746200fb8beb60554408699868f03d51. The package's postinstall script (package.json line 10: "postinstall": "node install.js") unconditionally fetches a platform-native executable from...

AI score 5.8
Exploits: 0, References: 1
Github Security Blog
added 2025/01/27 12:30 p.m., 9 views

uniapi version 1.0.7 contained an information harvesting script.

uniapi version 1.0.7 introduces code that would execute on import of the module and download a script from a remote URL, and would then execute the downloaded script in a thread. The downloaded script would harvest system information and POST the information to another remote URL. This code was...

AI score 7.2
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2025/01/24 7:56 p.m., 4 views

PYSEC-2025-2 uniapi version 1.0.7 contained an information harvesting script.

uniapi version 1.0.7 introduces code that would execute on import of the module and download a script from a remote URL, and would then execute the downloaded script in a thread. The downloaded script would harvest system information and POST the information to another remote URL. This code was...

AI score 7.3
Exploits: 0, References: 2