Malicious code in eslint-config-zeallat-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28fe7c28614bd60fe323d92db35df502ed3c1c9076a708815031e1a78311c6e The package eslint-config-zeallat-base was found to contain malicious code. Source: ghsa-malware...

MAL-2025-190641 Malicious code in @asyncapi/protobuf-schema-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 927e5dcfc89c461512068769c97bb06898751cd42cd15f50d97c4760c658269b The package @asyncapi/protobuf-schema-parser was found to contain malicious code. Source: ghsa-malware...

Malicious code in cordova-plugin-globalization.moment (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 431a9d9edd37d8a5dc80555f3c56e275f5c79162ed66ae419cc7b2450c6ad75c The package cordova-plugin-globalization.moment was found to contain malicious code. Source: ghsa-malware...

Malicious code in baidu-tims (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8df1a41ee221825ba6e320bbed60cefc43c2254a86e89ff493988c7b5ee8ad3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48308 Malicious code in vite-plugin-es6-babel (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 04fac94db34a750bac1ae88f46269718450d383d01b84a102872d0a2f6748918 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in redirect-prhts6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b32276d7067817b78f366ea8008f4de08e67019bec5e9362851a8940fd8d7c00 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48058 Malicious code in redirect-h0i672 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2b4efe272664ff868b1e9c5a05a87a2f41bf88048d2e4729407cf8932c4af18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47902 Malicious code in mockup-device-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d724d8a07d3f57cfb72aa477d20c02f9b470a7ce9bb8ce5e5cd2895cd50b15e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47180 Malicious code in http-req-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05b36301096608673130a0c0ca70710e71d19aa1f1b849b330ad9cc03911fcbf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in airbnb-prop (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8aacf36d756bbb283dfe3340b8b1a4f2e5d7f9d2b0d662eba57f8e675728055e Any computer that has this package installed or running should be considered...

Malicious code in jsonlogs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de467478eb6a14c26e0545351ab7bf4545a3a66b145512c0b8babc5b8b3a51eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in dijit._widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa0d60292f6c7957aa330c2c5c33bd9c9bf860f405a547f3cdadd639fa980fd5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2020-14978

An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine...

Malicious code in auth0-authz (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e5de2600b08c1473abec0bac3c49bbcd4fa9626350cd3eb9c2d325cda30b0381 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in create-krnl-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 211459e94c3ff6a3713ee7a8327fdef67b1eaac62530f22c658dad263fa901db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in dave-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5c5e4c9469fec2d35256dcb0afcf57d63e6cfcf6ef685cf0f916f05cedc34c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in pb-node-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 13f6ed4f1be7aaf5a813cae62ab02bae6da785284b44b4ec1ef18522f3c0f7a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in twilio-realtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b685743691677bab2a820511e27dea13c5ce9441dbd97ca3a24dca0cb92a8a8e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in zztest82 (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 632d9a2711114ce930c19d98e24aab1daa8d6d2a81f71ef0025260b16442acec Any computer that has this package install...

Malicious code in gslack (npm)

This package runs commands on import that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 72940e36f27a988f3e03f79a6a0ce0cafc2e871808da0318087ed2657454ecf9 Any computer that has this package installed or running...