14 matches found
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
MAL-2026-3768 Malicious code in npmjs_web3-util (npm)
Source: amazon-inspector 263a0126b20b1d58bc0528a4b7bea19027b94383e00b5b9f03b712d96be89ca7. The package's postinstall lifecycle hook downloads a script from a personal GitHub Gist...
MAL-2026-3022 Malicious code in jie-utility-package (PyPI)
Source: kam193 2cab7c48587f060014e5c8453f9ab21c0e6dd3c3523d095c1fcafbce8cbee2d1. During installation, the package attempts to create a reverse shell. Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Fedora: Security Advisory for golang-github-prometheus-exporter-toolkit (FEDORA-2023-c1318fb7f8)
The remote host is missing an update for the...
Fedora: Security Advisory for golang-github-prometheus-exporter-toolkit (FEDORA-2023-1b25579262)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: golang-github-prometheus-exporter-toolkit-0.10.0-1.fc37
Utility package to build exporters...
Malicious code in @hyperion-util/deferred-value (npm)
Source: ossf-package-analysis ee6f14ca7114d9a5fd5096b74a8d6efa41d9df7e63dfcbfa2778ba8ba7d5dc64. The OpenSSF Package Analysis project identified '@hyperion-util/deferred-value' @ 77.77.79 (npm) as malicious. It is considered malicious because:...
PYSEC-2022-43093
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0...
CVE-2022-44054
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0...
CVE-2022-44054
CVE-2022-44054 concerns the Python d8s-xml package distributed on PyPI, with a potential code-execution backdoor linked to the democritus-utility package. The description explicitly states a code-execution backdoor inserted by a third party, affecting the d8s-htm component version 0.1.0. External...
CVE-2022-41386
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0...
CVE-2022-41381
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...
USN-5478-1 util-linux vulnerability
Christian Moch and Michael Gruhn discovered that the libblkid library of util-linux did not properly manage memory under certain circumstances. A local attacker could possibly use this issue to cause denial of service by consuming all memory through a specially crafted MSDOS partition table...
Visual Studio Client Detector Utility
The Visual Studio Client Detector Utility is a required component that must be installed on client machines in order for Visual Studio administrator updates to be properly recognized and received. It is used to detect the different versions of Visual Studio installed on the client machine, and it...