An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzMjctZ2ZxNS04ZjRt
Malicious Package in buffer-xmr
Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.
Remove the package from your environment. Ensure no Ethereum funds were compromised.Permalink: https://github.com/advisories/GHSA-5327-gfq5-8f4m
Source: GitHub Advisory Database
Published: about 3 years ago
Updated: 9 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
No known fixed version