data-measurements-tool

Serious security vulnerability found

Open • ashishbijlani opened this issue 2 years ago • 0 comments

Hello!

I'm a cybersecurity researcher developing Packj [1]. Our tool has detected a supply-chain vulnerability in this repository. In order for me to disclose it, kindly enable GitHub Private vulnerability reporting, which allows security researchers to responsibly disclose a security vulnerability.

Thanks!

  1. Packj detects malicious/"risky" NPM/PyPI/Ruby dependencies: https://github.com/ossillate-inc/packj

ashishbijlani, Jun 13 '23 17:06