Malicious Package

Overview paysafe-venmo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in paysafe-venmo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fce8d34aa19e18a627c71bd9fd4d16246319ca05abafd983708a534663a573f The package paysafe-venmo was found to contain malicious code. Source: ghsa-malware 678a8d684fa9e6f72f98c45d404c3e749491bd582d4b78ddc4bc3d020ae3c172...

MAL-2026-2554 Malicious code in paysafe-venmo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fce8d34aa19e18a627c71bd9fd4d16246319ca05abafd983708a534663a573f The package paysafe-venmo was found to contain malicious code. Source: ghsa-malware 678a8d684fa9e6f72f98c45d404c3e749491bd582d4b78ddc4bc3d020ae3c172...

Malicious code in venmo-emoji-list (npm)

The package venmo-emoji-list was found to contain malicious code...

MAL-2025-38212 Malicious code in venmo-emoji-list (npm)

The package venmo-emoji-list was found to contain malicious code...

Even More Venmo Accounts Tied to Trump Officials in Signal Group Chat Left Data Public

WIRED has found four new Venmo accounts that appear to be associated with Trump officials who were in an infamous Signal chat. One made a payment with a note consisting solely of an eggplant emoji...

Mike Waltz Left His Venmo Friends List Public

A WIRED review shows national security adviser Mike Waltz, White House chief of staff Susie Wiles, and other top officials left sensitive information exposed via Venmo—until WIRED asked about it...

Malicious code in venmo-ui (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c56cfa4b6e6b329cc9502a5eeea242d13fd03e156392465657d5254b441ecfe Any computer that has this package install...

MAL-2025-124 Malicious code in venmo-ui (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c56cfa4b6e6b329cc9502a5eeea242d13fd03e156392465657d5254b441ecfe Any computer that has this package install...

The Most Secure Payment Solutions in the USA: Zelle, MoneyGram, CashApp, and Venmo

Secure payment solutions ensure safe transfers amidst rising risks of cybercrime and fraud. Discover how third-party platforms like…...

J.D. Vance Left His Venmo Public. Here’s What It Shows

The Republican VP nominee's Venmo network reveals connections ranging from the architects of Project 2025 to enemies of Donald Trump—and the populist's close ties to the very elites he rails against...

WordPress Checkout with Venmo on Woocommerce Plugin <= 4.1 is vulnerable to Cross Site Scripting (XSS)

Software Checkout with Venmo on Woocommerce Type Plugin Vulnerable versions = 4.1 Fixed in 4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0579a795d0cd Credits Rafie Muhammad...

WordPress Checkout with Venmo on EDD Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Checkout with Venmo on EDD Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 85fec6b4a1ab Credits Rafie Muhammad Patchstack...

Design/Logic Flaw

SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card, the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has bee...

CVE-2023-23941

SwagPayPal (Shopware) vulnerable to a mismatch between the amount/item list sent to PayPal and the actual created order when using JavaScript-based PayPal checkout methods (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, credit card). Root cause: inconsistent data sent to PayPal durin...

CVE-2023-23941 SwagPayPal payment not sent to PayPal correctly

SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card, the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has bee...

Malicious Package

Overview venmo-emoji-list is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

WordPress Checkout with Venmo on EDD plugin <= 1.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Checkout with Venmo on EDD plugin versions = 1.0. Solution No patched version available...

WordPress Checkout with Venmo on EDD plugin <= 1.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Checkout with Venmo on EDD plugin versions = 1.0. Solution No patched version available...

Venmo Gets More Private—but It's Still Not Fully Safe

Eliminating the global feed is a good step. But until the platform offers privacy by default, it remains a liability for many of its users...