25 matches found
Malicious code in @mimecast-ui/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e59a7d55636b02d0a28954889c22f021de5b4f33c525ce7712706df60cd9af3 The package @mimecast-ui/components was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-987 Malicious code in vl-ui-accessibility (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a7e52c3145cd55d304bb64380b4ac900f8fcda605ef0d88ad4b445709c1fa6f The package vl-ui-accessibility was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-249 Malicious code in @flipster/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7959db4a5848d904daa027ec759ca4588e6c033f1df17a82686a3d28d2dd2e9f The package @flipster/utils was found to contain malicious code. Source: ghsa-malware 0490c6f411da9b1fa5efbfd1cad8e7b41ec915751813279fb2a89a0f5e96752...
Pack-A-Mal: A Malware Analysis Framework for Open-Source Packages
The increasingly sophisticated environment in which attackers operate makes software security an even greater challenge in open-source projects, where malicious packages are prevalent. Static analysis tools, such as Malcontent, are highly useful but are often incapable of dealing with obfuscated...
Malicious code in newrelic-scheduler (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 283d0b11edc13929f769d9072e403ef35901c2c26167edbfadb2573cbadaa850 The OpenSSF Package Analysis project identified 'newrelic-scheduler' ...
Malicious code in gear-idea-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7a66acd20e2061aa436f304d41c80567e858c74d563f53fcd774df5bce17c47b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2585 Malicious code in vulnerable-dependency (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 39aee709a198819a063291a6ebb8c985b0335af324647cdc6492671701bfb294 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wdpr-test-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis aa07fe623ed4f4dd2faf6053e7bdf936f13e8e3ee0dd7ffcc9af37cc778eef8c The OpenSSF Package Analysis project identified 'wdpr-test-package' @ 999.999.999 npm as malicious. It is considered malicious because: - The...
Malicious code in com.unity.2d.common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75a37bfaf17aed750692186fe017783457f38ab50f15f7a49ddb94033cb27443 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @awan_7715/model-viewer-space-opera (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e555e285993ff5179f3dad8424c83097053d02d6b4a91a72319eaabb6f1e6282 The OpenSSF Package Analysis project identified '@awan7715/model-viewer-space-opera' @ 1.1.1 npm as malicious. It is considered malicious becaus...
Malicious code in microsoft.applicationinsights.persistencechannel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0c6d541610ea02e1c898560a24798cf5ccb4c38d66f367bc6f205cc4fe5377dc The OpenSSF Package Analysis project identified 'microsoft.applicationinsights.persistencechannel' @ 99.99.99 npm as malicious. It is considered...
Malicious code in eth-based-p2p-e2e-latency (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 596b12335f8cd6e12055b2a8df2f4afb1a74c9275d3f22a0e21bc003956092ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in autolink-jira-issue (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d899824dec6a9efaddf4482f495ca1b557fc0ec18d4371e0214c6397fd95ee71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lit-3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 58fa9943fe7f3a2ad80c2d7ec817ab05718838e0aef345b7d44416f0f525cdc2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in broadcast-podlet (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 73de5f4ddc33163129934b982d533ce73fdfe00485428f486f3b8d2312de1537 The OpenSSF Package Analysis project identified 'broadcast-podlet' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-7655 Malicious code in sap-callerid (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis aaf954365d809a7ff5859e9f1797a1acb30ac55273ed61e83c468025645b7116 The OpenSSF Package Analysis project identified 'sap-callerid' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-7629 Malicious code in sap-bodytext (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 13ca72d7cf90b082471932dde2a189cf23531ac4f6682bccd09ef9e2ba536852 The OpenSSF Package Analysis project identified 'sap-bodytext' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-1183 Malicious code in teslamotors-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ff47ce37cbaa6b68373ed17ef85fe4403bf2b4865e9ef971a397714d2f7b8cce The OpenSSF Package Analysis project identified 'teslamotors-server' @ 99.2.0 npm as malicious. It is considered malicious because: - The packag...
Malicious code in watchman-search-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a9d31c46bc906a3eeb18b4852518f529d915f87ab7935775541759d38c18151e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @ms-atlas/datastudio-diagnostics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a3f339799f51093d5209c8cdce0977b24869016867c813f0abcfc5143e81f921 The OpenSSF Package Analysis project identified '@ms-atlas/datastudio-diagnostics' @ 0.2.10 npm as malicious. It is considered malicious because...