CWE-506— Embedded Malicious Code
The product contains code that appears to be malicious in nature.— MITRE CWE catalog
86 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-506page 1 of 2
- CVE-2017-16044HIGHCVSS 7.5EG 7.52018-06-04
`d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16045HIGHCVSS 7.5EG 7.52018-06-04
`jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16046HIGHCVSS 7.5EG 7.52018-06-04
`mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16047HIGHCVSS 7.5EG 7.52018-05-29
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16048HIGHCVSS 7.5EG 7.52018-06-04
`node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16049HIGHCVSS 7.5EG 7.52018-06-04
`nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16050HIGHCVSS 7.5EG 7.52018-06-04
`sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16051HIGHCVSS 7.5EG 7.52018-06-04
`sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16052HIGHCVSS 7.5EG 7.52018-06-04
`node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16053HIGHCVSS 7.5EG 7.52018-06-04
`fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16054HIGHCVSS 7.5EG 7.52018-06-04
`nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16055HIGHCVSS 7.5EG 7.52018-06-04
`sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16056HIGHCVSS 7.5EG 7.52018-06-07
mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16057HIGHCVSS 7.5EG 7.52018-06-07
nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16058HIGHCVSS 7.5EG 7.52018-06-07
gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16059HIGHCVSS 7.5EG 7.52018-06-07
mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16060HIGHCVSS 7.5EG 7.52018-06-07
babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16061HIGHCVSS 7.5EG 7.52018-05-29
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16062HIGHCVSS 7.5EG 7.52018-05-29
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16063HIGHCVSS 7.5EG 7.52018-06-07
node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16064HIGHCVSS 7.5EG 7.52018-06-07
node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16065HIGHCVSS 7.5EG 7.52018-06-07
openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16066HIGHCVSS 7.5EG 7.52018-06-07
opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16067HIGHCVSS 7.5EG 7.52018-06-07
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16068HIGHCVSS 7.5EG 7.52018-06-07
ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16069HIGHCVSS 7.5EG 7.52018-06-07
nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16070HIGHCVSS 7.5EG 7.52018-06-07
nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16071HIGHCVSS 7.5EG 7.52018-06-07
nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16072HIGHCVSS 7.5EG 7.52018-06-07
nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16073HIGHCVSS 7.5EG 7.52018-06-07
noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16074HIGHCVSS 7.5EG 7.52018-06-07
crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16075HIGHCVSS 7.5EG 7.52018-06-07
http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16076HIGHCVSS 7.5EG 7.52018-06-07
proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16077HIGHCVSS 7.5EG 7.52018-06-07
mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16078HIGHCVSS 7.5EG 7.52018-06-07
shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16079HIGHCVSS 7.5EG 7.52018-06-07
smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16080HIGHCVSS 7.5EG 7.52018-06-07
nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16081HIGHCVSS 7.5EG 7.52018-06-07
cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2017-16128CRITICALCVSS 9.8EG 9.82018-06-07
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.
- CVE-2017-16202HIGHCVSS 7.5EG 7.52018-06-07
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
- CVE-2017-16203HIGHCVSS 7.5EG 7.52018-06-07
The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
- CVE-2017-16204HIGHCVSS 7.5EG 7.52018-06-07
The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
- CVE-2017-16205HIGHCVSS 7.5EG 7.52018-06-07
The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
- CVE-2017-16207HIGHCVSS 7.3EG 7.32018-06-07
discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin.
- CVE-2017-20201CRITICALCVSS 9.3EG 9.32025-10-08
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit builds) contained a malicious pre-entry-point loader that diverts execution from __scrt_common_main_seh into a custom loader. That loader decodes an embedded blob into shellcode, al…
- CVE-2017-20202CRITICALCVSS 9.3EG 9.32025-10-08
Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and fetched a remote script. The fetched script conditionally loaded follow-on modules that performed extensive ad substitution and malvertising, di…
- CVE-2017-20203CRITICALCVSS 9.3EG 9.32025-10-09
NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant li…
- CVE-2018-25117CRITICALCVSS 9.3EG 9.32025-10-15
VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject…
- CVE-2019-19771HIGHCVSS 8.8EG 8.82019-12-12
The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets.
- CVE-2020-15165CRITICALCVSS 9.3EG 9.32020-08-28
Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as p…
Map vulnerabilities like CWE-506 to your infrastructure
EchelonGraph correlates every CVE — across CWE-506 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →