MAL-2026-1490 Malicious code in ember-power-calendar-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55191162c66f85fd90f4c2bb6354b569a7ab7cdc6a380289defcc8be784ed434 The package ember-power-calendar-utils was found to contain malicious code. Source: ghsa-malware...

Malicious code in @global-dax-ad-platform/dax-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93ad3965eea87837397d655bd3d3cdd0ccefdbc65747460981af49ea2296dd2e The package @global-dax-ad-platform/dax-utils was found to contain malicious code. Source: ghsa-malware...

@kontaa/subgraph (>=1.0.1 <=1.2.3), @kontaa/utils (>=1.2.1 <=1.2.3) +4 more potentially affected by CVE-2025-64430 via parse-server (>=5.6.0 <=6.5.11)

parse-server NPM version =5.6.0, =1.0.1, =1.2.1, =2.4.46, =1.0.0, =1.0.1, =1.0.23 - servable-publishable =1.1.0 Source cves: CVE-2025-64430 Source advisory: SNYK:JS-PARSESERVER-13843716...

Malicious code in v0-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c3fed66eb2cf11c949abeefd6369b31cf4fb7eb2cace6da6e8df56e135fec66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2008-1089

Malware in sbrugna...

EUVD-2004-1384

Malware in sbrugna...

EUVD-1999-0686

Malware in sbrugna...

MAL-2025-47915 Malicious code in @dotevn/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b95b9f994dbbf3a9562b73fb2a0445eb341e9e8defdf89f43a90a3398270759d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in chime-utils (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c47d81929483a169d2ee7d4f0f5c08d14518a52a1efa368fc87e2101bd75de5 Any computer that has this package installed or running should be considered...

Ubuntu: Security Advisory (USN-7536-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2025-0176)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MAL-2025-4758 Malicious code in prd-utils (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

Ubuntu: Security Advisory (USN-7536-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MAL-2025-4070 Malicious code in company-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd5015b0393c3e2981f574bba469382525576dba01b38627ab06d4244bf497d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Debian: Security Advisory (DSA-5895-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Malicious code in migu-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ccbd8955e0708787cb831d8758b4c240d432a13fe1c1c182ded5e19b8cd49d3a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2311 Malicious code in events-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab45d10dfa09f0ea69e25ef62c978634d9b929402d3875a2687180c005723eca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in events-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab45d10dfa09f0ea69e25ef62c978634d9b929402d3875a2687180c005723eca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-28607

The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via a falsy isPrivate return value...

CVE-2024-28607

CVE-2024-28607 affects the ip-utils package for Node.js up to version 2.4.0. The root cause is a faulty isPrivate check that can misclassify certain IPs (e.g., 0x7f.1) as globally routable, enabling SSRF. Documented impacts are SSRF risk; no explicit remediation or patch/version guidance is prese...