| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHub Security Advisory. |
| discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin. |
| The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. |
| The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. |
| The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. |
| The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. |
| The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry. |
| cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
