4 matches found
Malicious code in @my_name_is_khn/express-security-tool-v1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e77b441acf56551e84d7dcac2da89dd7f287f6c0a6c028c669d78a90e6c58d3 On npm install, the package's postinstall script scripts/inject.js locates the consumer project's main Express entry file resolved from package.json...
MAL-2026-5551 Malicious code in @my_name_is_khn/express-security-tool-v1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e77b441acf56551e84d7dcac2da89dd7f287f6c0a6c028c669d78a90e6c58d3 On npm install, the package's postinstall script scripts/inject.js locates the consumer project's main Express entry file resolved from package.json...
MAL-2026-5464 Malicious code in db-xorma (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1428486c71a3cd7d89ea90a17631bb5dc0fee7e11a6cbb4d8029a8b25268c7d2 db-xorma advertises itself as a reactive in-memory database library. When a consumer creates any Model instance the documented entry point, the...
CVE-2022-23630
CVE-2022-23630 affects Gradle’s dependency verification bypass. When verification is disabled on some configurations but enabled on others, and the disabled configuration resolves first, common dependencies may skip verification for the enabled configuration. Gradle 7.4 addresses this by validati...