An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcyYzQtNG02NC12eG0z
Malicious Package in buffer-yor
Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.
Remove the package from your environment. Ensure no Ethereum funds were compromised.Permalink: https://github.com/advisories/GHSA-g2c4-4m64-vxm3
Source: GitHub Advisory Database
Published: about 3 years ago
Updated: 9 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
No known fixed version