39 matches found
MAL-2026-3878 Malicious code in @antv/dw-util (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3862 Malicious code in @antv/color-util (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Malicious code in alembic-util (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8e9b764ee0ccd6a2c6c2db1b7722f083ee9f643cb99d03821d5e6571f68db253 During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempts to set up a persistent infostealer focused on exfiltrating...
Malicious code in rich-util (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cc191d72f2f92d966897d0f635b53afecd9a62e8b63de13fff125a00377fcb63 Package installs persistent malware acting as a RAT, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...
MiracleLinux 4 : nspr-4.10.8-2.AXS4, nss-util-3.19.1-2.AXS4, nss-3.19.1-5.AXS4 (AXSA:2015-535:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-535:01 advisory. nspr NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal fi...
MiracleLinux 7 : nspr-4.10.8-2.el7, nss-3.19.1-7.el7.2, nss-util-3.19.1-4.el7 (AXSA:2015-533:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-533:01 advisory. nspr NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal fi...
Photon OS 5.0: Util PHSA-2025-5.0-0714
An update of the util package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0714. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
MAL-2025-6709 Malicious code in currency-util (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-5492 Malicious code in cors-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8939034e252aec0a1bb8e90a23fa9e524d966682283a461f00204f8bedf29c33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-45839
Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the aufs-util...
Photon OS 5.0: Util PHSA-2024-5.0-0424
An update of the util package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0424. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
Malicious code in sampling-util (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1db5976272af4e14606000b677142e6eddfc03419c87b557e10610985ae226c1 A campaign of probably pentest packages flooding PyPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Photon OS 3.0: Util PHSA-2022-3.0-0375
An update of the util package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0375. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
Photon OS 2.0: Util PHSA-2018-2.0-0037
An update of the util package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0037. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
Malicious code in bip-util (PyPI)
--- -= Per source details. Do not edit below this line.=-...
openSUSE Security Advisory (SUSE-SU-2024:1172-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for util (SUSE-SU-2023:4372-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Malicious code in tslib-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 96184e29784d22573c84557538ba7af38ab35195910ce3960130857f3369bc0b Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
SUSE: Security Advisory (SUSE-SU-2023:0389-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...