33 matches found
Malicious code in @breeze-ai/ui-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ca524608c9ab3d41715be26a354c2a643216f0bb79c8aec50de4f5e6b6ee523 The package @breeze-ai/ui-library was found to contain malicious code. Source: ghsa-malware...
Missing Origin Validation in WebSockets
Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via missing origin validation in all WebSocket endpoints. An attacker can gain unauthorized access to authenticated WebSocket sessions by tricking a logged-in administrator into visiting a malicio...
Arbitrary Code Injection
Overview @oneuptime/common: The OneUptime Common UI Library is a collection of shared components and utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected...
MAL-2026-687 Malicious code in @uselagoon/ui-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bda12522a61c5fdbf5675903128a573bb6dcf1bd1aee45a1340877450fb2112f The package @uselagoon/ui-library was found to contain malicious code. Source: ghsa-malware...
Malicious code in @uselagoon/ui-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bda12522a61c5fdbf5675903128a573bb6dcf1bd1aee45a1340877450fb2112f The package @uselagoon/ui-library was found to contain malicious code. Source: ghsa-malware...
Malicious code in ui-library_mercadolibre (npm)
The package ui-library_mercadolibre was found to contain malicious code...
MAL-2025-48514 Malicious code in ui-library_mercadolibre (npm)
The package ui-library_mercadolibre was found to contain malicious code...
MAL-2025-48276 Malicious code in cx-hub-interaction-ui-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a9bc1addddaee6ed4aa8352a5162c828bddcc53ddee490fb211f76247c23cd4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cx-hub-interaction-ui-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a9bc1addddaee6ed4aa8352a5162c828bddcc53ddee490fb211f76247c23cd4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-11304
A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been...
MAL-2025-47986 Malicious code in @pb-digital/ui-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e94824bf34fd4fe09f844a4fef6d484cdc73c7a4244dbc576e6b94a35624800 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-32470
A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been...
@acalcutt/tileserver-gl (>=5.4.0-pre.1 <=5.4.1-pre.0), @acalcutt/tileserver-gl-light (>=5.4.0-pre.1 <=5.4.1-pre.0) +26 more potentially affected by CVE-2025-59143 via color (=5.0.0)
color NPM version =5.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on color and may be impacted: - @acalcutt/tileserver-gl =5.4.0-pre.1, =5.4.0-pre.1, =0.7.0, =0.3.18, =2.1.0-app-13.11.2, =2.1.0, =20.0.0, =9.0.0, =12.0.0, =9.0.0, =10.1.0, =3.0.0,...
Malicious code in diakrit-ui-library (npm)
The package diakrit-ui-library was found to contain malicious code...
MAL-2025-18431 Malicious code in diakrit-ui-library (npm)
The package diakrit-ui-library was found to contain malicious code...
CVE-2025-53104 gluestack-ui Command Injection Vulnerability via discussion-to-slack GitHub Action Workflow
gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS NativeWind. Prior to commit e6b4271, a command injection vulnerability was discovered in the discussion-to-slack.yml GitHub Actions workflow. Untrusted discussion fields title, body, etc. were directly...
Moodle 3.11.x < 3.11.16 JQuery UI Library Upgrade
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23 or 3.11.x prior to 3.11.16. The JQuery UI library included with Moodle has been upgraded to version 1.13.2, which includes fixes for multiple security issues. Note that the scanner has not...
Moodle < 3.9.23 JQuery UI Library Upgrade
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23 or 3.11.x prior to 3.11.16. The JQuery UI library included with Moodle has been upgraded to version 1.13.2, which includes fixes for multiple security issues. Note that the scanner has not...
CVE-2024-47075
CVE-2024-47075 concerns LayUI, a native minimalist Web UI library. The vulnerability is a DOM Clobbering flaw in versions prior to 2.9.17 that can lead to Cross‑site Scripting (XSS) on pages containing attacker‑controlled HTML elements (e.g., img tags with unsanitized name attributes). The issue ...
MAL-2024-2054 Malicious code in cz-react-ui-library (npm)
--- -= Per source details. Do not edit below this line.=-...