252123 matches found
Malicious Package
Overview @cloudplatform-single-spa/ml-ai-agents-agent-system is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview @cloudplatform-single-spa/business-solutions is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
stigmem-node's federation peer registration lacked explicit out-of-band approval
Impact Federation peer registration accepted peer key material during registration without a separate administrator approval step based on an out-of-band fingerprint check. Impacted deployments are nodes that accept federation peer registration across a network where initial registration could be...
GHSA-FP6W-8WPG-74G5 stigmem-node: Auth-disabled deployments may grant broad anonymous access outside loopback
Impact Stigmem nodes configured with authentication disabled could grant the anonymous identity broad read/write/federation capabilities if exposed outside a loopback-only local development environment. Impacted users are operators who intentionally disabled authentication while binding the node ...
MAL-2026-5077 Malicious code in puppeteer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abb5e0ca28fe73f218eea4bcbf584520cc1618dbc617326c9036f4de5b9a85c9 Withdrawn Advisory This advisory has been withdrawn because the malicious package detection was a false positive. This link is maintained to preserve...
Malicious Package
Overview appkit-react-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in appkit-react-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49e8fbd1c8061ffedb22f37a8fa90ca96d9830f45d7d318f421681c558aec29d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in viem-multichain (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 000bdcb32a8ca1f6657425685c88c4b60917055d5a202275c50d004462e37459 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ethers-hdnode (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7fc28c232270f2534095dbfbc320845737c981a075ca9d542c2482d82a23a85d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5064 Malicious code in ethers-contract (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71fb8c3fc53908b6c1f910ca98b3940ded0c9acc55112925833e60a64816510d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview axis-abc-search-address is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
MAL-2026-5058 Malicious code in argpras (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40083a8e3e772fd09bb0fca7791e87c2b3edfefe3ad7495b34899b6a54b2b077 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview apexomni is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview ally-antivirus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in @timelycare/config-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc893c48f00d7000b6737fbccd385652c78342aad49e12c49134ce72b42852a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in one-view-chat-ui-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a53a27e69da28c6b1eb4c8f441a2e0723e4b7b5c0aaaab08233f5dd41b76308 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tailwind-effect (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a340be9809f1baa4f0e0ce64286a7d9266ccb49cd82fae68f5ac02b50e193a5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5074 Malicious code in one-view-chat-ui-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a53a27e69da28c6b1eb4c8f441a2e0723e4b7b5c0aaaab08233f5dd41b76308 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in web3-config-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc426e6e28603268949be1817881f2269e7b0464c0fd513690f2f77b6637a719 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tailwindcss-basic-animation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa0cc72271b87587b2d58ff45625dfa9df9f8e4547b68096d359757e68b8946f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...