Heykuki News
1.
▲
NPM debug and chalk packages compromised
(aikido.dev)
1372 points
universesquid
9 months ago
757 comments
2.
▲
Show HN: Pulsar, a browser-only GitHub PR monitor for engineering manager
(pulsar.arkham-advisory.com)
2 points
stumpyfr
3 months ago
discuss
3.
▲
Embedded malware in RC (NPM package)
(github.com/advisories)
140 points
hjek
5 years ago
114 comments
4.
▲
Pre-auth Remote Code Execution Vulnerability in Metasploit
(github.com/justinsteven)
140 points
pimterry
10 years ago
25 comments
5.
▲
Embedded Malicious Code in node-ipc
(github.com/advisories)
139 points
planb
4 years ago
124 comments
6.
▲
Embedded Malware in Coa
(github.com/advisories)
137 points
StevePlea
5 years ago
83 comments
7.
▲
GitHub Actions checkspelling community workflow GitHub_TOKEN leakage via symlink
(github.com/justinsteven)
129 points
pentestercrab
5 years ago
35 comments
8.
▲
Buffer Overflows in Notepad++
(securitylab.github.com)
68 points
layer8
3 years ago
60 comments
9.
▲
Claude Code CVE-2026-39861: sandbox escape via symlink
(github.com/advisories)
51 points
Armor1AI
a month ago
9 comments
10.
▲
Authorization Bypass in Next.js Middleware
(github.com/advisories)
25 points
nilsbunger
a year ago
2 comments
11.
▲
Notepad++ v8.5.6 still vulnerable to possible arbitrary code execution
(securitylab.github.com)
18 points
dossy
3 years ago
3 comments
12.
▲
Malware in fsevents
(github.com/advisories)
16 points
peanut-walrus
3 years ago
1 comment
13.
▲
Okta Auth0 JWT vulnerability CVE-2022-23529
(github.com/advisories)
7 points
KingOfCoders
3 years ago
2 comments
14.
▲
Legacy LVFS S3 bucket takeover and CVE-2020-10759 fwupd sig verification bypass
(github.com/justinsteven)
6 points
beefhash
6 years ago
discuss
15.
▲
Cloudflare/workers-OAuth-provider missing validation of redirect_URI
(github.com/advisories)
5 points
notachatbot123
a year ago
1 comment
16.
▲
GHSL-2021-1012: Poor random number generation in keypair – CVE-2021-41117
(securitylab.github.com)
5 points
detaro
5 years ago
discuss
17.
▲
Buffer Overflows in Notepad++
(securitylab.github.com)
4 points
archy_
3 years ago
2 comments
18.
▲
Path traversal in YouTube-dl leading to RCE – CVE-2024-38519
(securitylab.github.com)
4 points
todsacerdoti
2 years ago
discuss
19.
▲
Axios request smuggling via prototype pollution – Critical (CVSS 9.9)
(github.com/advisories)
3 points
akhs
2 months ago
1 comment
20.
▲
Malware in Ngx-Bootstrap
(github.com/advisories)
3 points
lambdaone
9 months ago
1 comment
21.
▲
Malware in Debug (npm)
(github.com/advisories)
3 points
duggan
9 months ago
1 comment
22.
▲
browserify/pbkdf2 returns predictable uninitialized/zero-filled memory
(github.com/advisories)
3 points
wslh
a year ago
1 comment
23.
▲
Embedded malware in ua-parser-JS (NPM package)
(github.com/advisories)
3 points
carbonboarder
5 years ago
1 comment
24.
▲
Embedded crypto miner in ua-parser-JS
(github.com/advisories)
3 points
Fervicus
5 years ago
1 comment
25.
▲
Fwupd – S3 bucket takeover and CVE-2020-10759 signature verification bypass
(github.com/justinsteven)
3 points
pentestercrab
6 years ago
1 comment
26.
▲
CVE-2021-41117: Poor random number generation in keypair
(securitylab.github.com)
3 points
Hackbraten
5 years ago
discuss
27.
▲
Legacy LVFS S3 bucket takeover and CVE-2020-10759 fwupd sig verification bypass
(github.com/justinsteven)
3 points
willlll
6 years ago
discuss
28.
▲
Distributed locking using PostgreSQL advisory locks
(github.com/blockai)
3 points
olalonde
10 years ago
discuss
29.
▲
Malware in Stylus
(github.com/advisories)
2 points
veidr
10 months ago
3 comments
30.
▲
Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket
(github.com/advisories)
2 points
lukax
2 months ago
1 comment