An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVnZ3gtZzI5NC1xajNx
Malicious Package in buffeb-xor
Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.
Remove the package from your environment. Ensure no Ethereum funds were compromised.Permalink: https://github.com/advisories/GHSA-5ggx-g294-qj3q
Source: GitHub Advisory Database
Published: about 3 years ago
Updated: 9 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
No known fixed version