131 matches found

RedhatCVE
added 2026/01/09 10:53 a.m., 4 views

CVE-2022-33002

The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

9.8 CVSS, 7.7 AI score, 0.00734 EPSS
Exploits: 1, References: 1

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in comet-auth-html-webpack-plugin-request (npm)

Source: amazon-inspector 3f5b037c3a10e0eb5d63054a411dd6a2daeb791121c669593b5602687a52454b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0

OSV
added 2025/11/12 4:29 a.m., 1 view

MAL-2025-146087 Malicious code in perseus-gatsby-equinox-request (npm)

Source: amazon-inspector d11dc9a6038a3ad3bd8fa71b599fcc9c1430d0cf3e245e839ea332331697c60a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0

EUVD
added 2025/11/11 7:26 a.m., 1 view

EUVD-2025-80322

Malicious code in tensedamselfly0xrequest npm...

6.6 AI score
Exploits: 0

EUVD
added 2025/11/11 7:26 a.m., 1 view

EUVD-2025-81327

Malicious code in ltdblackbird0xrequest npm...

6.6 AI score
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-0368

Malicious code in bioql PyPI...

9.8 CVSS, 9.2 AI score, 0.0065 EPSS
Exploits: 0, References: 5

RedhatCVE
added 2025/05/23 4:50 a.m., 5 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1 CVSS, 6.2 AI score, 0.00557 EPSS
Exploits: 1

RedhatCVE
added 2025/05/23 1:56 a.m., 3 views

CVE-2023-24107

hourofcodepython2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package requirements.txt. This vulnerability allows attackers to access sensitive user information and execute arbitrary code...

9.8 CVSS, 8.1 AI score, 0.00452 EPSS
Exploits: 1, References: 1

OSSF Malicious Packages
added 2025/05/22 12:33 p.m., 4 views

Malicious code in web3-request-1-8-54 (PyPI)

7 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/04/02 6:53 a.m., 2 views

Malicious code in @hongfangze/http-request (npm)

Source: ghsa-malware 329e7512b9a53734a0d6d5318623dd66ecc2b6294c46e8418bd5d888ad31eb69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2025/03/05 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-28155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP t...

6.1 CVSS, 7 AI score, 0.00557 EPSS
Exploits: 1, References: 3

OSSF Malicious Packages
added 2024/12/24 6:9 p.m., 3 views

Malicious code in requesr (PyPI)

Source: kam193 b792f17b467610a1021820a7718884aa436487a9ec75d5ebf889d400efeaec24 Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...

7 AI score
Exploits: 0, References: 3

OSSF Malicious Packages
added 2024/12/24 6:9 p.m., 3 views

Malicious code in reqest (PyPI)

Source: kam193 35a7c05f500ebad2694b0b98105f189762f1892d35081dfd36a47787a2205f59 Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...

7 AI score
Exploits: 0, References: 3

OSSF Malicious Packages
added 2024/12/09 4:36 a.m., 1 view

Malicious code in romeo_is_here_get-request-package (npm)

7 AI score
Exploits: 0

OSV
added 2024/12/09 4:36 a.m., 4 views

MAL-2024-11439 Malicious code in romeo_is_here_get-request-package (npm)

7.1 AI score
Exploits: 0

Chainguard
added 2024/06/21 6:15 a.m., 13 views

CVE-2021-47621 vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-4.0, management-api-for-apache-cassandra-4.1, management-api-for-apache-cassandra-5.0...

7.5 CVSS, 6.9 AI score, 0.00144 EPSS
Exploits: 0

IBM Security Bulletins
added 2023/08/01 4:26 p.m., 35 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js Request package (CVE-2023-28155)

Summary: A vulnerability in Node.js Request package through 2.88.1 affects the Node.js component that is used by IBM Event Streams (CVE-2023-28155). This vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side...

6.1 CVSS, 6.1 AI score, 0.00557 EPSS
Exploits: 1, Affected Software: 1

CNNVD
added 2023/04/25 12:0 a.m., 1 view

Odoo security vulnerability

Odoo is an enterprise resource planning (ERP) and customer relationship management (CRM) system from Odoo Belgium. The system is developed in Python, with PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. A security...

7.5 CVSS, 7.8 AI score, 0.0028 EPSS
Exploits: 0, References: 5

OSV
added 2023/03/16 3:30 p.m., 0 views

GHSA-P8P7-X288-28G6 Server-Side Request Forgery in Request

The request package through 2.88.2 for Node.js and the @cypress/request package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: The request package is no longer supported by the maintain...

6.1 CVSS, 6.9 AI score, 0.00557 EPSS
Exploits: 1, References: 12

OSV
added 2023/03/16 3:15 p.m., 29 views

CVE-2023-28155

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1 CVSS, 6.8 AI score
Exploits: 0, References: 4