Lucene search
K

7 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 10:38 p.m.9 views

Malicious code in web3-token-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c826bf782895b60580b94e3a28a2c4562d3742420ce81e9895ad8568da57890 The package advertises itself as a Web3 fee utility but its main export is a dropper. index.js line 140 base64-decodes a platform-specific command...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/06/22 10:38 p.m.7 views

MAL-2026-6274 Malicious code in web3-token-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c826bf782895b60580b94e3a28a2c4562d3742420ce81e9895ad8568da57890 The package advertises itself as a Web3 fee utility but its main export is a dropper. index.js line 140 base64-decodes a platform-specific command...

5.8AI score
Exploits0References6
Snyk
Snyk
added 2026/02/03 6:30 p.m.4 views

Use of Hard-coded Credentials

Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the jwt-helper.js when verifying JWT tokens. An attacker can gain unauthorized administrative access by forging valid tokens...

9.8CVSS5.5AI score0.02036EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/07 10:55 p.m.2 views

Command Injection

Overview @pnpm/npm-conf is a Get the npm config Affected versions of this package are vulnerable to Command Injection via environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker can execute arbitrary code by controlling environment variables during...

7.8CVSS7.9AI score0.00949EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/07 10:30 p.m.23 views

CVE-2025-69262 pnpm vulnerable to Command Injection via environment variable substitution

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Cod...

7.5CVSS0.00949EPSS
Exploits1References2
OSV
OSV
added 2026/01/07 6:51 p.m.3 views

GHSA-2PHV-J68V-WWQX pnpm vulnerable to Command Injection via environment variable substitution

Summary A command injection vulnerability exists in pnpm when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve remote code execution RCE in build environments...

7.5CVSS8.5AI score0.00949EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/01/07 6:51 p.m.17 views

pnpm vulnerable to Command Injection via environment variable substitution

Summary A command injection vulnerability exists in pnpm when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve remote code execution RCE in build environments...

7.8CVSS9.7AI score0.00949EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder