Lucene search
K

7 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 5:27 p.m.9 views

Malicious code in strapi-plugin-api (npm)

strapi-plugin-api is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. It...

6AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 4:24 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2021/07/29 8:57 a.m.2 views

Malicious Package

Overview acookie is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the acookie package. Credit: Snyk Research...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2021/07/29 6:53 a.m.0 views

Malicious Package

Overview firebase-extensions is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the firebase-extensions package. Credit: Snyk Research...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2021/03/07 11:14 a.m.2 views

Malicious Package

Overview paychex-framework-core-ui is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the paychex-framework-core-ui package. Credit: Snyk Research...

10CVSS6.8AI score
Exploits0References2
CNVD
CNVD
added 2018/06/13 12:0 a.m.3 views

Unspecified vulnerability in nodecaffe

nodecaffe is a package that allows JavaScript to inspect Caffe layers and content. A security vulnerability exists in nodecaffe. An attacker could exploit the vulnerability to steal environment variables...

7.5CVSS7.5AI score0.01177EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/13 12:0 a.m.3 views

Unspecified vulnerability in ffmepg

ffmepg is a package that steals environment variables. A security vulnerability exists in ffmepg. An attacker can exploit the vulnerability to steal environment variables...

7.5CVSS7.6AI score0.01177EPSS
Exploits0References1
Rows per page
Query Builder