Malicious code in symphony-markdown (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d8ac47d747638835685ead66cf3fe6fc737f93e540093a4f94b0148b45db3c3e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-8013 Malicious code in binarium-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx e6203f8ba86eed8c7eef3531a2e69f72fa4badbcd98e90b291436bf574cb24c7 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2023-8007 Malicious code in @rocketrefer/admin-panel (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx cee4d7f564848bd4bb2a8a410f60f22ce1bce642072b14a97281130483c8c1a9 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2023-8012 Malicious code in b2b-canaisdigitais (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4dc971b04d6b1823268396807c41d808cc18fd8c2b2094b5c9ee6fb342083172 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

Malicious code in cherry_corrupt (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx c4217ff7a5cb8b7dda2ab6a4133d37db497cd1d418337326492b177b12853636 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

Format string

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop...