35936 matches found
Malicious Package
Overview tinyparrot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the responseReadNamespacesArray function of the Shared Client Library when handling the ServerNamespaceArray argument. An attacker can cause a denial of service by sending specially crafted data that triggers...
Insufficient Type Distinction
Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Insufficient Type Distinction via the FileUpload or ImageUpload elements when allowedMimeTypes is configured. An attacker can upload files with arbitrary MIME types by bypassing...
Malicious Package
Overview motion-pull is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious Package
Overview nodemon-delog is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview nodemon-plint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Server-side Request Forgery (SSRF)
Overview contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Feed Reader front-end module, which passes RSS feed URLs fr...
Information Exposure
Overview contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Information Exposure via the crawler that tries to prevent confidential HTTP client options from bei...
Directory Traversal
Overview contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Directory Traversal due to an authenticated backend user who can access one job can request an...
Malicious Package
Overview @oliviamcdaniel12/safer-buffer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...
Malicious Package
Overview @sqlite-panel/createsql is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious Package
Overview @sqlite-group/sql-creator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @sqlite-group/schema-generator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...
Malicious Package
Overview @sqlite-clone/nodesql is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the ExecTool.Execute function in the exec tool component. An attacker can execute arbitrary operating system commands by providing crafted input to this function. Remediation There is no fixed version for...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the ExecTool.Execute function in the exec tool component. An attacker can execute arbitrary operating system commands by providing crafted input to this function. Remediation There is no fixed version for...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the ExecTool.Execute function in the exec tool component. An attacker can execute arbitrary operating system commands by providing crafted input to this function. Remediation There is no fixed version for...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via the GetSkill process in filesystem.go of the Workspace Handler. An attacker can access or modify files by exploiting symbolic link following remotely. Remediation There is no fixed version for...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via the GetSkill process in filesystem.go of the Workspace Handler. An attacker can access or modify files by exploiting symbolic link following remotely. Remediation There is no fixed version for...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the WebTool.Execute function in the web.go file when processing the url argument. An attacker can make unauthorized requests to internal or external systems by supplying crafted URLs. Remediation The...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the WebTool.Execute function in the web.go file when processing the url argument. An attacker can make unauthorized requests to internal or external systems by supplying crafted URLs. Remediation The...
Malicious Package
Overview akshajrawat.utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @resolvx/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @tonsdk/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @aonunited/angular is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @rockawayx/utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @cw-ui/asio-neon-themes is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious Package
Overview micro-ui-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @cw-ui/micro-ui-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious Package
Overview unified-ui-components-library is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview dom-weave is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview humanize-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview relative-time-live is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview clipboard-drop is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview string-morph is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview sync-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious Package
Overview valid-scope is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious Package
Overview sight-bind is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview duration-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview temp-cloak is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview avatar-forge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview class-synth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious Package
Overview @codex2005/logger-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious Package
Overview class-weaver is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @emcd-vue/loans is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @emcd-vue/b2b-pay-form is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious Package
Overview @emcd-vue/auth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the bytePlusDownloadVideo function. An attacker can access internal resources or perform unauthorized requests by supplying crafted values to the output.videourl argument. Remediation There is no fix...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the writeFile function in the ACP ToolBridge Workspace Handler. An attacker can access or modify files outside the intended directory by supplying crafted path input remotely. Details A Directory Traversal attack...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the writeFile function in the ACP ToolBridge Workspace Handler. An attacker can access or modify files outside the intended directory by supplying crafted path input remotely. Details A Directory Traversal attack...