Lucene search

34 matches found

OSSF Malicious Packages
added 2026/06/09 8:29 p.m., 7 views

Malicious code in getd-ui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcdbf66757b102ed524f01c498adae819b02968aa455f57316f4e08af1fb9ea0 On npm install, postinstall.js runs unconditionally scripts.postinstall = 'node postinstall.js' and sends an HTTPS GET to a hardcoded webhook.site UR...

5.5 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/03 12:37 p.m., 9 views

Malicious code in @breeze-ai/ui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ca524608c9ab3d41715be26a354c2a643216f0bb79c8aec50de4f5e6b6ee523 The package @breeze-ai/ui-library was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1

Snyk
added 2026/04/20 10:15 p.m., 6 views

Missing Origin Validation in WebSockets

Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via missing origin validation in all WebSocket endpoints. An attacker can gain unauthorized access to authenticated WebSocket sessions by tricking a logged-in administrator into visiting a malicio...

8.1 CVSS, 5.4 AI score, 0.00176 EPSS
Exploits: 1, References: 2

Snyk
added 2026/03/07 2:30 a.m., 2 views

Arbitrary Code Injection

Overview @oneuptime/common is a The OneUptime Common UI Library is a collection of shared components, utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected...

9.9 CVSS, 6 AI score, 0.00387 EPSS
Exploits: 1, References: 2

OSSF Malicious Packages
added 2026/02/03 7:39 a.m., 7 views

Malicious code in @uselagoon/ui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bda12522a61c5fdbf5675903128a573bb6dcf1bd1aee45a1340877450fb2112f The package @uselagoon/ui-library was found to contain malicious code. Source: ghsa-malware...

5.4 AI score
Exploits: 0, References: 1

OSV
added 2026/02/03 7:39 a.m., 4 views

MAL-2026-687 Malicious code in @uselagoon/ui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bda12522a61c5fdbf5675903128a573bb6dcf1bd1aee45a1340877450fb2112f The package @uselagoon/ui-library was found to contain malicious code. Source: ghsa-malware...

5.5 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/10/17 3:28 a.m., 3 views

Malicious code in ui-library_mercadolibre (npm)

The package ui-library_mercadolibre was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/10/17 3:28 a.m., 2 views

MAL-2025-48514 Malicious code in ui-library_mercadolibre (npm)

The package ui-library_mercadolibre was found to contain malicious code...

7 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/10/10 2:24 a.m., 3 views

Malicious code in cx-hub-interaction-ui-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a9bc1addddaee6ed4aa8352a5162c828bddcc53ddee490fb211f76247c23cd4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 3

OSV
added 2025/10/10 2:24 a.m., 2 views

MAL-2025-48276 Malicious code in cx-hub-interaction-ui-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a9bc1addddaee6ed4aa8352a5162c828bddcc53ddee490fb211f76247c23cd4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 3

RedhatCVE
added 2025/10/07 6:9 a.m., 17 views

CVE-2025-11304

A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been...

7.5 CVSS, 6.4 AI score, 0.00165 EPSS
Exploits: 0, References: 1

OSV
added 2025/10/07 4:23 a.m., 2 views

MAL-2025-47986 Malicious code in @pb-digital/ui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e94824bf34fd4fe09f844a4fef6d484cdc73c7a4244dbc576e6b94a35624800 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1

EUVD
added 2025/10/05 9:2 p.m., 4 views

EUVD-2025-32470

A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been...

7.5 CVSS, 6 AI score, 0.00165 EPSS
Exploits: 0, References: 6

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in diakrit-ui-library (npm)

The package diakrit-ui-library was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m., 3 views

MAL-2025-18431 Malicious code in diakrit-ui-library (npm)

The package diakrit-ui-library was found to contain malicious code...

7.2 AI score
Exploits: 0

OSV
added 2025/07/01 6:17 p.m., 3 views

CVE-2025-53104 gluestack-ui Command Injection Vulnerability via discussion-to-slack GitHub Action Workflow

gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS NativeWind. Prior to commit e6b4271, a command injection vulnerability was discovered in the discussion-to-slack.yml GitHub Actions workflow. Untrusted discussion fields title, body, etc. were directly...

9.1 CVSS, 8.3 AI score, 0.01185 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/04/10 12:0 a.m., 8 views

Moodle 3.11.x < 3.11.16 JQuery UI Library Upgrade

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23 or 3.11.x prior to 3.11.16. The JQuery UI library included with Moodle has been upgraded to version 1.13.2, which includes fixes for multiple security issues. Note that the scanner has not...

6.5 CVSS, 7.5 AI score, 0.42847 EPSS
Exploits: 5, References: 6

Tenable Nessus
added 2025/04/10 12:0 a.m., 7 views

Moodle < 3.9.23 JQuery UI Library Upgrade

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23 or 3.11.x prior to 3.11.16. The JQuery UI library included with Moodle has been upgraded to version 1.13.2, which includes fixes for multiple security issues. Note that the scanner has not...

6.5 CVSS, 7.5 AI score, 0.42847 EPSS
Exploits: 5, References: 6

BDU FSTEC
added 2025/03/26 12:0 a.m., 3 views

The vulnerability of the Lite UI user interface library used in Apache ShardingSphere ElasticJob-UI for task scheduling arises from an internal index assignment error. This error allows attackers to gain unauthorized access to protected information.

The vulnerability of the Lite UI user interface library used in the Apache ShardingSphere ElasticJob-UI task scheduling software is related to an error in the assignment of the internal interface index. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected...

8.5 CVSS, 5.5 AI score, 0.00633 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2024/09/26 5:8 p.m., 64 views

CVE-2024-47075

CVE-2024-47075 concerns LayUI, a native minimalist Web UI library. The vulnerability is a DOM Clobbering flaw in versions prior to 2.9.17 that can lead to Cross‑site Scripting (XSS) on pages containing attacker‑controlled HTML elements (e.g., img tags with unsanitized name attributes). The issue ...

6.4 CVSS, 6 AI score, 0.00311 EPSS
Exploits: 0, References: 2, Affected Software: 1