36119 matches found
Malicious Package
Overview @flipbit2-bb/scope-test is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious Package
Overview http-uploader-dev is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview clx-cookie-signature is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview tailwind-form is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview clx-cookieparser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview node-denv is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview chain-chai-test is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview react-pinojs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview react-json-chalk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview stackus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview bundrix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Interpretation Conflict
Overview fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting TypeError into...
Interpretation Conflict
Overview org.webjars.npm:fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting...
Symlink Attack
Overview libattr is a None Affected versions of this package are vulnerable to Symlink Attack. via the getfattr or setfattr process. An attacker can gain elevated privileges by substituting a symbolic link for a pathname component during directory traversal, causing operations to be redirected to...
Malicious Package
Overview quirky-token is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview swift-parse-stream is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview path-internal-util is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Symlink Attack
Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Symlink Attack in the handling ...
Malicious Package
Overview auth-state-service is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview authmatrix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview ssr-auth-sync is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview authsessionbridge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Buffer Overflow
Overview Affected versions of this package are vulnerable to Buffer Overflow in the xmlcatalog process when operating in shell mode. An attacker can cause memory corruption, application crash, or execute arbitrary code by supplying an excessively long input line. Remediation A fix was pushed into...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview acl is a None Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition. in the getfacl or setfacl process. An attacker can gain unauthorized access to files or escalate privileges by exploiting a race condition where a symbolic link replaces a...
Symlink Attack
Overview acl is a None Affected versions of this package are vulnerable to Symlink Attack. via the libacl functions. An attacker can gain unauthorized access to or modify access control lists by replacing a pathname component with a symbolic link, redirecting ACL read or write operations to...
Cross-site Scripting (XSS)
Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Cross-site Scripting XSS via the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the DBPost model without...
Arbitrary Code Injection
Overview mesop is a Build UIs in Python Affected versions of this package are vulnerable to Arbitrary Code Injection due to an explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yieldin...
Allocation of Resources Without Limits or Throttling
Overview frigate is an A tool for autogenerating helm documentation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to...
Malicious Package
Overview vkzmn is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview hunsterx-package is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview velocityfix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious Package
Overview unsafe-malicious-package is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview polymarket-clob-math is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview ts-einkle-slot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview ts-einkle is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview ts-ankle is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview gx-npm-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview gx-npm-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview gx-npm-feature-flags is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @vpms/design-system is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @epsteinlovekids483/crossmint-wallets-sdk-pentest is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview crossmint-wallets-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Insufficient Verification of Data Authenticity
Overview openviking is an An Agent-native context database Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the strtouint64 function. An attacker can compromise data integrity and confidentiality by submitting crafted ID arguments that bypass...
Incorrect Authorization
Overview khoj is a Your Second Brain Affected versions of this package are vulnerable to Incorrect Authorization in the Conversation Sharing Handler when processing the conversation.agent argument. An attacker can gain unauthorized access to conversation data or perform actions with insufficient...
Improper Authorization
Overview @voltagent/serverless-hono is a Serverless fetch-based runtime provider for VoltAgent using Hono Affected versions of this package are vulnerable to Improper Authorization via the handleGetMemoryConversation function. An attacker can gain unauthorized access to memory conversation data b...
Improper Authorization
Overview @voltagent/server-hono is a Hono server implementation for VoltAgent Affected versions of this package are vulnerable to Improper Authorization via the handleGetMemoryConversation function. An attacker can gain unauthorized access to memory conversation data by manipulating the...
Improper Authorization
Overview @voltagent/server-elysia is an Elysia server implementation for VoltAgent Affected versions of this package are vulnerable to Improper Authorization via the handleGetMemoryConversation function. An attacker can gain unauthorized access to memory conversation data by manipulating the...
Improper Authorization
Overview @voltagent/server-core is a Framework-agnostic server core for VoltAgent Affected versions of this package are vulnerable to Improper Authorization via the handleGetMemoryConversation function. An attacker can gain unauthorized access to memory conversation data by manipulating the...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the decodedlta function. An attacker can cause memory corruption, potentially leading to information disclosure, data modification, or application crash by supplying a crafted media stream containing a malicious...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound through the processing of a 32-bit attribute count received from a remote server in the publickey subsystem. An attacker can cause a heap buffer overflow by sending a specially crafted response that trigge...