2040 matches found
MAL-2026-2077 Malicious code in @emilgroup/public-api-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd16e6bb382d147e1c65b35af9d28a9c8b96c40f440b3a45b14e160a77beb1ba The package @emilgroup/public-api-sdk-node was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2064 Malicious code in @opengov/ppf-backend-types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8323ddb6e5666c3c6e638547538eda9089f97e0e3605f39b2a561d9a436d8fd4 The package @opengov/ppf-backend-types was found to contain malicious code. Source: ghsa-malware...
Malicious code in eslint-config-ppf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7cc85236d3cad46c2333a3252ffd8e3b96ae35f96a4ea2a4cb801d17c4e07390 The package eslint-config-ppf was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1977 Malicious code in json-bundling (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61f19cbc17dc9182ab2266b7b505dedb74da2b797aa6661669f53efd1b86777a The package json-bundling was found to contain malicious code. Source: ghsa-malware debc855dc41e080d6afbfd087c2a01d8d9e5fac885734e59fb2e1adb870d6198...
MAL-2026-1954 Malicious code in kyxhiagent123 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cbb459239a25561ab1236b8a8a65a78c2a6e4a3d8a1d6108e765bb00f30bc3f The package kyxhiagent123 was found to contain malicious code. Source: ghsa-malware 49504d4323ce1499bf13802068f8105487c66e05b4f7a31f6a2209820ccf08ba...
MAL-2026-1950 Malicious code in hiagenttest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ea4b234d38909b534414ea6c060e079ef07575115b5e06919ad1778930e1c02 The package hiagenttest was found to contain malicious code. Source: ghsa-malware 30c4c5863aa45de206d3f6f50505fc89f13e2613c4fb62b80866030d74bc2df1 An...
Malicious code in mtpdb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89aa3ea4bbc8f5db5e0f67c215b7d778830cdc3c6182ba672690e1c56165165e The package mtpdb was found to contain malicious code. Source: ghsa-malware 0b9a3a3255445cdf958934371ac3763154e4ff6131d4798401fcb0e13823824a Any...
Malicious code in nodex-db (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 851296e1195af851909142fcb22d46855f226b735b02a1510e0ae9015f9c9824 The package nodex-db was found to contain malicious code. Source: ghsa-malware 8553471928a4ec525f93f26d6207bd42e251966d69861965e35f9ee97038d141 Any...
MAL-2026-1946 Malicious code in decode-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44106748430b9007ab9f143fb8ba25fdd44592016d53029e790975d65bbe5825 The package decode-sdk was found to contain malicious code. Source: ghsa-malware 2a2fc9cdfc8d668581e87f6da2c920cf8a1748aa191910ac5db053a46cbc2282 Any...
MAL-2026-1972 Malicious code in wildhunter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd5020979c3e9df261b6bb1525d91874b0c3dd993d6007d1f5f3fe40293a9a6c The package wildhunter was found to contain malicious code. Source: ghsa-malware ef86dd0267c3525fb9b185c8193ead59125fee1e3e962e357ac027f43dfc74cf Any...
MAL-2026-1926 Malicious code in tokenshower (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e31db2e66d226160d10fe5f31a29d7b95cba1d0751cc575c0cf6130679170c7a The package tokenshower was found to contain malicious code. Source: ghsa-malware f9fdcfed91dfe75ee3b371ba973a183f42ff3085a29be233f33b5e34249d18cf An...
MAL-2026-1475 Malicious code in delta666 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb8eaa59df9b36fbda7fdbb9f429aa77b3dd4ce913b22d3e1f7991750136306a The package delta666 was found to contain malicious code. Source: ghsa-malware ed1b6c9a5c4e82e4f1f205e90a5ac9c271dccbf998e06ed81199102594e23d0f Any...
Malicious code in omhcsilence-bails (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f5390575abcab0cfc57edaae4aa14d27eab897c1639fab8a502fcda0760adc3 The package omhcsilence-bails was found to contain malicious code. Source: ghsa-malware...
Malicious code in @vtim/xss-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 947e0af0661087703ab13fc4220ceff05dafffb94addd8243f90a86929beaf3c The package @vtim/xss-poc was found to contain malicious code. Source: ghsa-malware 20e54e730a6708f44f0828a03bf7ac5c9fb2c88074659d45570d90af289eca84...
MAL-2026-1449 Malicious code in vtimmmmmm-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f98c647bcb6a277d8ef94407b1287e79a9840e0956aa955ff01ea19778219c7 The package vtimmmmmm-test was found to contain malicious code. Source: ghsa-malware 7f04d92a8262ba75c225fb58633a5dfbe7c1d4a750b88f634dde448a81e13b63...
MAL-2026-1517 Malicious code in filenames-simple (npm)
The package 'filenames-simple' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1572 Malicious code in transform-new-target (npm)
The package 'transform-new-target' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1501 Malicious code in @storylane/uikit (npm)
The package '@storylane/uikit' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in typescript-vue-apollo-smart-ops (npm)
The package 'typescript-vue-apollo-smart-ops' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in @storylane/shared-packages (npm)
The package '@storylane/shared-packages' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...