Lucene search
K

44 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 12:53 p.m.9 views

Malicious code in @posthog/rrweb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e7ff62f7afccd552b5eff3833fa122ace1a2f8ef6447e4b372673896063098f The package @posthog/rrweb was found to contain malicious code. Source: ghsa-malware 8278c73c0fa29817d8923864303d2e24c5a7bd038a9f8a2cae587329a3837cab...

6.9AI score
Exploits0References4
OSV
OSV
added 2025/11/24 12:53 p.m.2 views

MAL-2025-190673 Malicious code in @posthog/rrweb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e7ff62f7afccd552b5eff3833fa122ace1a2f8ef6447e4b372673896063098f The package @posthog/rrweb was found to contain malicious code. Source: ghsa-malware 8278c73c0fa29817d8923864303d2e24c5a7bd038a9f8a2cae587329a3837cab...

6.8AI score
Exploits0References4
Veracode
Veracode
added 2023/06/07 6:53 a.m.13 views

Information Exposure

rrweb is vulnerable to information exposure. The vulnerability exists due to the password html input being set to to type="text" via the show password button, which can result in password exposure...

6.5CVSS6.8AI score0.00285EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/26 1:52 p.m.39 views

html inputs of type password recorded in plaintext when converted to text inputs

Impact Highlight may record passwords on customer deployments when a password html input is switched to type="text" via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates type="password" inputs. A customer may assume that switching to type="text"...

6.5CVSS6.9AI score0.00285EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder