24 matches found
Malicious code in npmjs_truffle-helper (npm)
Source: ghsa-malware 25fbc74fbe261cc7bba8c1f9005f7b7573aff1240a5ac8bbf831a3ce8a7c23e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5509 Malicious code in npmjs_truffle-helper (npm)
Source: ghsa-malware 25fbc74fbe261cc7bba8c1f9005f7b7573aff1240a5ac8bbf831a3ce8a7c23e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview truffle-config-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-4249 Malicious code in truffle-config-helper (npm)
Source: amazon-inspector 2204d3386cd8473771610640812df94a0c65c5482027bd7a59282398d38e73db On npm install, the package's postinstall hook (package.json line 13) issues an HTTPS GET to...
Malicious code in truffle-config-helper (npm)
Source: amazon-inspector 2204d3386cd8473771610640812df94a0c65c5482027bd7a59282398d38e73db On npm install, the package's postinstall hook (package.json line 13) issues an HTTPS GET to...
Malicious code in truffle-js (npm)
Source: amazon-inspector 52bd5b41de871fbbc8c5895f63dfec08ba2ff6ecb9ea03fa6fdb5d9245c74616 The package.json lifecycle script invokes require('child_process').execSync with a curl command at install time. Running curl through child_process durin...
MAL-2026-3717 Malicious code in truffle-js (npm)
Source: amazon-inspector 52bd5b41de871fbbc8c5895f63dfec08ba2ff6ecb9ea03fa6fdb5d9245c74616 The package.json lifecycle script invokes require('child_process').execSync with a curl command at install time. Running curl through child_process durin...
Malicious code in truffle-helper (npm)
Source: amazon-inspector 27652f23529349a6999e9121bc9714a5e9b5d11b227729c3c24147e5d2260eee package.json line 7 invokes require('child_process') and execSync('curl...') from an npm lifecycle script. This causes the installer's machine to fetch an...
MAL-2026-3716 Malicious code in truffle-helper (npm)
Source: amazon-inspector 27652f23529349a6999e9121bc9714a5e9b5d11b227729c3c24147e5d2260eee package.json line 7 invokes require('child_process') and execSync('curl...') from an npm lifecycle script. This causes the installer's machine to fetch an...
Malicious Package
Overview react-dropzone-truffle is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious code in react-dropzone-truffle (npm)
Source: amazon-inspector deb9aafcb06b44346b4a153006bf1230d02f97d4f76ac2797f42a22005658c85 The package react-dropzone-truffle was found to contain malicious code. Source: ghsa-malware...
MAL-2026-999 Malicious code in react-dropzone-truffle (npm)
Source: amazon-inspector deb9aafcb06b44346b4a153006bf1230d02f97d4f76ac2797f42a22005658c85 The package react-dropzone-truffle was found to contain malicious code. Source: ghsa-malware...
CVE-2025-41390
An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to arbitrary code execution. An attacker can provide a malicious repository to trigger this vulnerability...
Malicious code in truffle-v99 (npm)
The package truffle-v99 was found to contain malicious code...
Malicious code in truffle-plugin-blockscout-verify-jordin (npm)
The package truffle-plugin-blockscout-verify-jordin was found to contain malicious code...
MAL-2025-37234 Malicious code in truffle-plugin-blockscout-verify-jordin (npm)
The package truffle-plugin-blockscout-verify-jordin was found to contain malicious code...
MAL-2025-37236 Malicious code in truffle-v99 (npm)
The package truffle-v99 was found to contain malicious code...
MAL-2025-37235 Malicious code in truffle-v5 (npm)
The package truffle-v5 was found to contain malicious code...
Malicious code in truffle-v5 (npm)
The package truffle-v5 was found to contain malicious code...
There is no real fix to the security issues recently found in GitHub and other similar software
A recently discovered security issue in GitHub and other, similar, control system products seems to fit into the classic "it's a feature, not a bug" category. Security researchers last week published their findings into some research of how deleted forks in GitHub work, potentially leaving the door...