CWE-506

Total CVEs: 52
Avg CVSS v3: 7.6 (High)
Avg CVSS v2: 5.1 (Medium)
Latest CVE (most recent): 2025

Severity Distribution

Critical: 5 (9.6%)
High: 46 (88.5%)
Medium: 0 (0%)
Low: 1 (1.9%)

All CVEs (52)

Page 1 of 3
CVSS:10.0(Critical)

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a di...

CVSS:9.8(Critical)

Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tab...

CVSS:9.8(Critical)

The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.

CVSS:9.1(Critical)

Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had its sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending a...

CVSS:8.6(High)

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed s...

CVSS:8.6(High)

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modifi...

CVSS:8.4(High)

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vuln...

CVSS:7.5(High)

The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

CVSS:7.5(High)

The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

CVSS:7.5(High)

The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

CVSS:7.5(High)

The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

CVSS:7.5(High)

cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVSS:7.5(High)

nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVSS:7.5(High)

smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVSS:7.5(High)

shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVSS:7.5(High)

mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVSS:7.5(High)

proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVSS:7.5(High)

http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVSS:7.5(High)

crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVSS:7.5(High)

noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVSS:7.5(High)

nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVSS:7.5(High)

nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVSS:7.5(High)

nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVSS:7.5(High)

nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.