Lucene search
K

40 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/22 5:55 p.m.8 views

Malicious code in @emilgroup/gdv-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c4f423945b0d9a114bae821ae46ab06d9850ba5611917eb80d940c47771e3ed The package @emilgroup/gdv-sdk-node was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/03/22 5:55 p.m.6 views

MAL-2026-2049 Malicious code in @emilgroup/gdv-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c4f423945b0d9a114bae821ae46ab06d9850ba5611917eb80d940c47771e3ed The package @emilgroup/gdv-sdk-node was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
Snyk
Snyk
added 2026/03/20 10:0 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/20 10:0 p.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/20 10:0 p.m.4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/20 10:0 p.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/20 10:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/20 10:0 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/19 11:0 p.m.6 views

Embedded Malicious Code

Overview @emilgroup/document-sdk-node is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released o...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/19 11:0 p.m.4 views

Embedded Malicious Code

Overview @emilgroup/gdv-sdk-node is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/19 11:0 p.m.6 views

Embedded Malicious Code

Overview @emilgroup/changelog-sdk-node is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released ...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in aws-xray-sdk-node (npm)

The package aws-xray-sdk-node was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-15232 Malicious code in aws-xray-sdk-node (npm)

The package aws-xray-sdk-node was found to contain malicious code...

7.2AI score
Exploits0
vulnersOsv
vulnersOsv
added 2020/05/19 9:0 p.m.14 views

@internxt/cli (>=1.0.5 <=1.2.2), @latitude-data/cli (>=0.0.29 <=1.11.0-canary.8) +10 more potentially affected by CVE-2020-7660 via serialize-javascript (>=7.0.0 <=7.0.2)

serialize-javascript NPM version =7.0.0, =1.0.5, =0.0.29, =0.7.5, =1.3.0, =0.1.0, =1.0.7, =0.2.0, =0.7.0-alpha.6 Source cves: CVE-2020-7660 Source advisory: SNYK:JS-SERIALIZEJAVASCRIPT-570062...

8.1CVSS7.2AI score0.03009EPSS
Exploits0
OSV
OSV
added 2019/02/18 11:50 p.m.15 views

GHSA-P2HM-8725-C8X8 Downloads Resources over HTTP in cue-sdk-node

Affected versions of cue-sdk-node insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3CVSS8.1AI score0.01752EPSS
Exploits0References3
CNVD
CNVD
added 2018/05/31 12:0 a.m.5 views

cue-sdk-node code execution vulnerability

cue-sdk-node is a Node.js plugin for loading and using the Cue SDK in JavaScript. A security vulnerability exists in cue-sdk-node that originates when the program downloads compressed resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested zi...

9.3CVSS7.1AI score0.01752EPSS
Exploits0References1
Veracode
Veracode
added 2018/05/30 6:7 a.m.18 views

Man In The Middle (MitM)

cue-sdk-node is vulnerable to man-in-the-middle MitM attacks. This is because the libraries download zipped resources via HTTP, allowing MitM attacks. It may also cause remote code execution RCE by swapping out the requested zipped file with an attacker controlled zipped file if the attacker is o...

8.1CVSS8.3AI score0.01752EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/05/29 8:29 p.m.15 views

Remote code execution

cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker i...

9.3CVSS8AI score0.01752EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/05/29 8:0 p.m.53 views

CVE-2016-10590

CVE-2016-10590 affects the Node.js wrapper cue-sdk-node, which downloads zipped resources over HTTP. The underlying issue is insecure HTTP transfers that enable a MITM attacker to swap the requested zip with a malicious one, potentially enabling remote code execution on the host. The public advis...

9.3CVSS8.3AI score0.01752EPSS
Exploits0References1Affected Software1
Node.js
Node.js
added 2016/12/01 12:23 a.m.44 views

Downloads Resources over HTTP

Overview Affected versions of cue-sdk-node insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...

9.3CVSS6.2AI score0.01752EPSS
Exploits0Affected Software1
Rows per page
Query Builder