7 matches found
color-string@2.1.1 contains malware after npm account takeover
Impact: On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's...
GHSA-286P-VC9P-P5QV color-string@2.1.1 contains malware after npm account takeover
Impact: On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's...
MAL-2025-46973 Malicious code in color-string (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f96d7c74748e121e50b19198355b3f8f9f8ba84bcfd1731896fcf4b9ebc76370 Any computer that has this package installed or running should be considered fully compromised. All...
Embedded Malicious Code
Overview: color-string is a parser and generator for CSS color strings. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicio...
Malicious code in 5string (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 93fc7cbf860ad9df990a7a27577e5e802d47a752e67329de8e8a7e20c240a688 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview: Version 1.5.3 of colour-string contained malicious code as a preinstall script. The package downloaded a file from a remote server, executed it and opened a backdoor. Recommendation: Any computer that has this package installed or running should be considered fully compromised. All secret...
Regular Expression Denial of Service in string package
Affected versions of string are vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. Recommendation: There is currently no direct patch for this vulnerability. Currently, the best solution is to avo...