
9 matches found

GitHub Security Blog
added 6 days ago | 5 views

pnpm: Unsafe default behavior breaks integrity check

While it is unclear whether this should be classified as a vulnerability, it is being reported through this channel because the current behavior may represent an unsafe default. Summary: pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarba...

CVSS 8.1 | AI score 5.7 | EPSS 0.00113
Exploits: 1 | References: 3 | Affected Software: 1
OSSF Malicious Packages
added 2026/06/09 5:29 p.m. | 13 views

Malicious code in ui-ng-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 198750c8e5d6f4d8a3f3f788a2fd9286f43b5a447bb0e3495b50663c44ddd2a7 Package [email protected] is an empty shell index.js exports , no author, no description, no functionality with a single dependency declared as...

AI score 5.9
Exploits: 0 | References: 2
OSV
added 2026/06/09 5:29 p.m. | 10 views

MAL-2026-5454 Malicious code in ui-ng-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 198750c8e5d6f4d8a3f3f788a2fd9286f43b5a447bb0e3495b50663c44ddd2a7 Package [email protected] is an empty shell index.js exports , no author, no description, no functionality with a single dependency declared as...

AI score 5.9
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/06/09 5:27 p.m. | 9 views

Malicious code in tivo-codelib-a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c187e845e4c0d637709021a287c758e0206cb7adc46517391df4724d8af8cb7 [email protected] is an empty-stub npm package whose index.js exports module.exports = and whose package metadata description, author is blank. I...

AI score 6
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/06/09 5:25 p.m. | 10 views

Malicious code in @webda-features/dashboard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3698e6d2d9b93092104883c8f7e4ffcd602d31d3fd3ae2574850ea6ad15e8437 The package is an empty wrapper index.js contains only module.exports = ; whose sole effect on install is to resolve a single dependency declared as ...

AI score 6
Exploits: 0 | References: 2
OSV
added 2026/05/20 6:16 a.m. | 7 views

MAL-2026-4432 Malicious code in @sec-loans-ui/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da55a9be9d9f90abe00e16200ea17aa78f58643e40d872d04276453dfd8a88f9 Package is a hollow lure: index.js is a 35-byte stub module.exports = , description and author are empty, and the version is bumped to 99.9.1 — the...

AI score 5.9
Exploits: 0 | References: 2
OSV
added 2026/05/20 2:28 a.m. | 8 views

MAL-2026-4460 Malicious code in @trackking/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64d51e587bc0b6508fa3d38027f18d42d9ab4b6ccdb8dd2760543e8c52d6bb18 @trackking/[email protected] is an empty stub: index.js is module.exports = , package.json has no description, no author, ISC license, and a high-number...

AI score 5.6
Exploits: 0 | References: 2
PyPA
added 2023/04/21 9:15 p.m. | 5 views

PYSEC-2023-27

mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the...

CVSS 7.5 | AI score 6.5 | EPSS 0.01
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2023/03/30 6:4 p.m. | 8 views

CVE-2022-23522 Arbitrary File Write when Extracting Tarballs retrieved from a remote location using in mindsdb

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpack_archive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...

CVSS 8.5 | AI score 8.6 | EPSS 0.00883
Exploits: 1 | References: 1