22 matches found
Malicious Package
Overview truffle-config-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in truffle-config-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2204d3386cd8473771610640812df94a0c65c5482027bd7a59282398d38e73db On npm install, the package's postinstall hook (package.json line 13) issues an HTTPS GET to...
MAL-2026-4249 Malicious code in truffle-config-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2204d3386cd8473771610640812df94a0c65c5482027bd7a59282398d38e73db On npm install, the package's postinstall hook (package.json line 13) issues an HTTPS GET to...
MAL-2026-3717 Malicious code in truffle-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52bd5b41de871fbbc8c5895f63dfec08ba2ff6ecb9ea03fa6fdb5d9245c74616 The package.json lifecycle script invokes require('child_process').execSync with a curl command at install time. Running curl through child_process durin...
Malicious code in truffle-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52bd5b41de871fbbc8c5895f63dfec08ba2ff6ecb9ea03fa6fdb5d9245c74616 The package.json lifecycle script invokes require('child_process').execSync with a curl command at install time. Running curl through child_process durin...
Malicious code in truffle-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27652f23529349a6999e9121bc9714a5e9b5d11b227729c3c24147e5d2260eee package.json line 7 invokes require('child_process') and execSync('curl...') from an npm lifecycle script. This causes the installer's machine to fetch an...
MAL-2026-3716 Malicious code in truffle-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27652f23529349a6999e9121bc9714a5e9b5d11b227729c3c24147e5d2260eee package.json line 7 invokes require('child_process') and execSync('curl...') from an npm lifecycle script. This causes the installer's machine to fetch an...
Malicious Package
Overview react-dropzone-truffle is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious code in react-dropzone-truffle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector deb9aafcb06b44346b4a153006bf1230d02f97d4f76ac2797f42a22005658c85 The package react-dropzone-truffle was found to contain malicious code. Source: ghsa-malware...
MAL-2026-999 Malicious code in react-dropzone-truffle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector deb9aafcb06b44346b4a153006bf1230d02f97d4f76ac2797f42a22005658c85 The package react-dropzone-truffle was found to contain malicious code. Source: ghsa-malware...
CVE-2025-41390
An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to arbitrary code execution. An attacker can provide a malicious repository to trigger this vulnerability...
Malicious code in truffle-plugin-blockscout-verify-jordin (npm)
The package truffle-plugin-blockscout-verify-jordin was found to contain malicious code...
Malicious code in truffle-v99 (npm)
The package truffle-v99 was found to contain malicious code...
MAL-2025-37234 Malicious code in truffle-plugin-blockscout-verify-jordin (npm)
The package truffle-plugin-blockscout-verify-jordin was found to contain malicious code...
MAL-2025-37235 Malicious code in truffle-v5 (npm)
The package truffle-v5 was found to contain malicious code...
MAL-2025-37236 Malicious code in truffle-v99 (npm)
The package truffle-v99 was found to contain malicious code...
Malicious code in truffle-v5 (npm)
The package truffle-v5 was found to contain malicious code...
There is no real fix to the security issues recently found in GitHub and other similar software
A recently discovered security issue in GitHub and other, similar, control system products seems to fit into the classic "it's a feature, not a bug" category. Security researchers last week published the findings of their research into how deleted forks in GitHub work, potentially leaving the door...
Malicious code in truffle-gas-report (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 069f5ce0d8f911ded5d7594c9ddcbce0a8e5ce0f781d55578e0460dc1bbef64f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Unchecked setters
Lines of code Vulnerability details Impact Incorrect data: If the 'referred' or 'protocol' variables are set to incorrect values, it could result in incorrect or unexpected behavior in the contract. Manipulation: Malicious actors could potentially exploit this vulnerability to manipulate the syst...