
MSC-2025-8024
Good to know:

Date: September 16, 2025
The koa2-swagger-ui package was compromised to include malicious code that steals GitHub secrets and uses them to create malicious GitHub Actions workflows that help exfiltrate even more GitHub secrets. The malicious code also uses a data collection endpoint on webhook.site to collect all the stolen data. We recommend updating it to 5.12.0.
Reference: https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html
Language: JS
Severity Score
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200

CVSS v3.1

Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |