Malicious code in hardhat-starter-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 127bcfdba774e2dd942b89041f670f62c7523c32b766606d81a1b229b961b1a4 The package hardhat-starter-kit was found to contain malicious code...

MAL-2026-2769 Malicious code in hardhat-starter-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 127bcfdba774e2dd942b89041f670f62c7523c32b766606d81a1b229b961b1a4 The package hardhat-starter-kit was found to contain malicious code...

Malicious code in ccip-starter-kit-hardhat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18950b48cb8b769d2cda9645f7c64f05698aad343186a22e3a84af7662856c39 The package ccip-starter-kit-hardhat was found to contain malicious code...

MAL-2026-2739 Malicious code in ccip-starter-kit-hardhat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18950b48cb8b769d2cda9645f7c64f05698aad343186a22e3a84af7662856c39 The package ccip-starter-kit-hardhat was found to contain malicious code...

CVE-2026-0759

Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Katana Network Development Starter Kit. Authentication is not required to exploit this...

CVE-2026-0759

Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Katana Network Development Starter Kit. Authentication is not required to exploit this...

CVE-2026-0759 Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability

Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Katana Network Development Starter Kit. Authentication is not required to exploit this...

CVE-2026-0759 Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability

Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Katana Network Development Starter Kit. Authentication is not required to exploit this...

PT-2026-1989

Name of the Vulnerable Software and Affected Versions Katana Network Development Starter Kit affected versions not specified Description The Katana Network Development Starter Kit contains a command injection flaw in the executeCommand function, potentially allowing remote code execution. The iss...

(0Day) Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Katana Network Development Starter Kit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the executeCommand method. The issue result...

EUVD-2002-1508

Malware in sbrugna...

EUVD-2024-19411

Malicious code in bioql PyPI...

EUVD-2025-27167

Malicious code in bioql PyPI...

CVE-2025-54994

@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP...

CVE-2025-54994

CVE-2025-54994 affects the MCP Server Starter kit @akoskm/create-mcp-server-stdio. The vulnerable component is the which-app-on-port tool that uses Node.js child_process.exec, exposing command-injection risk when user input is unsafely concatenated into shell commands. Affected versions precede 0...

CVE-2025-54994 @akoskm/create-mcp-server-stdio has Command Injection in MCP Server due to unsafe `exec` API

@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP...

Malicious code in mns-fe-starter-kit (npm)

The package mns-fe-starter-kit was found to contain malicious code...

Malicious code in oscshp-frontend-starter-kit (npm)

The package oscshp-frontend-starter-kit was found to contain malicious code...

@wcd/gqio.angular-element-starter-kit (=0.1.0), @wcd/gqio.angular-element-todo (=0.1.0) +1 more potentially affected by unknown CVE via platform-browser (=0.0.1-security)

platform-browser NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on platform-browser and may be impacted: - @wcd/gqio.angular-element-starter-kit =0.1.0 - @wcd/gqio.angular-element-todo =0.1.0 - clinicaamandao =1.0.0 Source cve...

MAL-2025-26540 Malicious code in mns-fe-starter-kit (npm)

The package mns-fe-starter-kit was found to contain malicious code...