81910 matches found
Malicious code in @iflow-mcp/watercrawl-watercrawl-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 824ca65d425a95c473a1bd8d193811e3ab4a816ba82e3e2950e5dde508ae2bd0 The package @iflow-mcp/watercrawl-watercrawl-mcp was found to contain malicious code. Source: ghsa-malware...
Malicious code in @aifabrix/miso-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ddcc2128fa9a68b4ccf29899647a346301d90cb84cb45c30863872c44e2b3ae The package @aifabrix/miso-client was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1929 Malicious code in @aifabrix/miso-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ddcc2128fa9a68b4ccf29899647a346301d90cb84cb45c30863872c44e2b3ae The package @aifabrix/miso-client was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1928 Malicious code in changelog-logger-wrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector caec1e4b5fc6ded7cff261c7800c1e9753b865564ac6af1674b9450e4c15f577 The package changelog-logger-wrap was found to contain malicious code. Source: ghsa-malware...
Malicious code in changelog-logger-wrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector caec1e4b5fc6ded7cff261c7800c1e9753b865564ac6af1674b9450e4c15f577 The package changelog-logger-wrap was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1927 Malicious code in changelog-logger-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34f7f28c6593ecad4f4308faa51ad2d06d6feb541dbc1ab634179bced34a3d95 The package changelog-logger-utils was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview tokenshower is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
MAL-2026-1926 Malicious code in tokenshower (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e31db2e66d226160d10fe5f31a29d7b95cba1d0751cc575c0cf6130679170c7a The package tokenshower was found to contain malicious code. Source: ghsa-malware f9fdcfed91dfe75ee3b371ba973a183f42ff3085a29be233f33b5e34249d18cf An...
MAL-2026-1925 Malicious code in jsonify-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ef3f7d9cb714309502cac987c904c29a8eda1fda1fcd8f5fffabfa339a64369 The package jsonify-parser was found to contain malicious code. Source: ghsa-malware 4d17ffa1ebe907cee2cc4cf5fd22ab76acd112213237bcac49b62b06a002c1cb...
CVE-2026-23268 apparmor: fix unprivileged local user can do privileged policy management
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged local user can do privileged policy management An unprivileged local user can load, replace, and remove profiles by opening the apparmorfs interfaces, via a confused deputy attack, by passing the opened...
Malicious code in chai-as-constrained (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea5f87c9fffb9b32d6390a3922c9a8bfc616a693910c9a8d7599cfa8ef11c9e9 The package chai-as-constrained was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1493 Malicious code in pino-logger-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5c908d1d5a0d2a6a517ef1aa6e7ab5b7ddc8644dc39730c2629f0226a69121a The package pino-logger-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in pino-logger-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5c908d1d5a0d2a6a517ef1aa6e7ab5b7ddc8644dc39730c2629f0226a69121a The package pino-logger-utils was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1492 Malicious code in strapi-plugin-workspace-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 360f06861421eccfdc69a5f18ecfe67b3785cb24bb1b0d1e6dd3f5d65df20f20 The package strapi-plugin-workspace-plugin was found to contain malicious code. Source: ghsa-malware...
Malicious code in strapi-plugin-workspace-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 360f06861421eccfdc69a5f18ecfe67b3785cb24bb1b0d1e6dd3f5d65df20f20 The package strapi-plugin-workspace-plugin was found to contain malicious code. Source: ghsa-malware...
Malicious code in asset-delivery (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff566136dd4e76e6bc8da12a23345712a57b375d3d0586ee36922cc0ffbbf880 The package asset-delivery was found to contain malicious code. Source: ghsa-malware ce9daf86327543018f44899bd8967bf2b927d6f1d9267b6726281b5ea0765868...
MAL-2026-1489 Malicious code in asset-delivery (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff566136dd4e76e6bc8da12a23345712a57b375d3d0586ee36922cc0ffbbf880 The package asset-delivery was found to contain malicious code. Source: ghsa-malware ce9daf86327543018f44899bd8967bf2b927d6f1d9267b6726281b5ea0765868...
MAL-2026-1491 Malicious code in graphlib-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fc5e5e2ae1439a28be92e99758c3253bf2bd09a568712a5d0725553b4836eaf The package graphlib-js was found to contain malicious code. Source: ghsa-malware 375768659fc55b18acf652226fabd9052c10c4f88d36f150317532bc8661df13 An...
Malicious code in graphlib-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fc5e5e2ae1439a28be92e99758c3253bf2bd09a568712a5d0725553b4836eaf The package graphlib-js was found to contain malicious code. Source: ghsa-malware 375768659fc55b18acf652226fabd9052c10c4f88d36f150317532bc8661df13 An...
GHSA-MW24-F3XH-J3QV Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace
Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. In the specific case of...