40 matches found
Malicious code in @emilgroup/gdv-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c4f423945b0d9a114bae821ae46ab06d9850ba5611917eb80d940c47771e3ed The package @emilgroup/gdv-sdk-node was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2049 Malicious code in @emilgroup/gdv-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c4f423945b0d9a114bae821ae46ab06d9850ba5611917eb80d940c47771e3ed The package @emilgroup/gdv-sdk-node was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
Embedded Malicious Code
Overview @emilgroup/document-sdk-node is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released o...
Embedded Malicious Code
Overview @emilgroup/gdv-sdk-node is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM...
Embedded Malicious Code
Overview @emilgroup/changelog-sdk-node is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released ...
Malicious code in aws-xray-sdk-node (npm)
The package aws-xray-sdk-node was found to contain malicious code...
MAL-2025-15232 Malicious code in aws-xray-sdk-node (npm)
The package aws-xray-sdk-node was found to contain malicious code...
@internxt/cli (>=1.0.5 <=1.2.2), @latitude-data/cli (>=0.0.29 <=1.11.0-canary.8) +10 more potentially affected by CVE-2020-7660 via serialize-javascript (>=7.0.0 <=7.0.2)
serialize-javascript NPM version =7.0.0, =1.0.5, =0.0.29, =0.7.5, =1.3.0, =0.1.0, =1.0.7, =0.2.0, =0.7.0-alpha.6 Source cves: CVE-2020-7660 Source advisory: SNYK:JS-SERIALIZEJAVASCRIPT-570062...
GHSA-P2HM-8725-C8X8 Downloads Resources over HTTP in cue-sdk-node
Affected versions of cue-sdk-node insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
cue-sdk-node code execution vulnerability
cue-sdk-node is a Node.js plugin for loading and using the Cue SDK in JavaScript. A security vulnerability exists in cue-sdk-node that originates when the program downloads compressed resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested zi...
Man In The Middle (MitM)
cue-sdk-node is vulnerable to man-in-the-middle MitM attacks. This is because the libraries download zipped resources via HTTP, allowing MitM attacks. It may also cause remote code execution RCE by swapping out the requested zipped file with an attacker controlled zipped file if the attacker is o...
Remote code execution
cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker i...
CVE-2016-10590
CVE-2016-10590 affects the Node.js wrapper cue-sdk-node, which downloads zipped resources over HTTP. The underlying issue is insecure HTTP transfers that enable a MITM attacker to swap the requested zip with a malicious one, potentially enabling remote code execution on the host. The public advis...
Downloads Resources over HTTP
Overview Affected versions of cue-sdk-node insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...