448 matches found
MAL-2025-1578 Malicious code in cmp-ocr-liveness-acquisition (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 867eeaa4b91a53b10e36a59a627a3ea2e8164a4ec9b0d9f3829fb936f71330bf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1587 Malicious code in fb-components-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0a156cc9bbfceeb92efaaf503c32f71145adbcafa68aa571a5eb055eea23590 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1634 Malicious code in ton-wallet (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f43718ee3297ac779c4afe0caf05923ca62f75fa0eeb7432c978b903ffd9794b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1639 Malicious code in userread_ca-paypal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aeefb8d4ce3df4396e3e9d76d7378121581442546e61220c1a81feb794dabab2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1629 Malicious code in tedrertrtrtst (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bdf77e0f8793f6db3affddedfb08d60085dbbfad04ed2b0f20ef2cecf43ff283 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in explore-assistant (npm)
This package runs commands on import that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9e10cb387b2960187d5b207b5b8dd3c8e8583e0c91741a0c4506c05af801ed2 Any computer that has this package installed or running...
Malicious code in metamask-sdk-create-react-app (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ed98a81fafea025740493667412dfaf8dd28cd12988fabdf1118a1765a12733d Any computer that has this package install...
Malicious code in clubhouse-to-linear-exporter (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 763c04a1400336e5c62621aba4027b81dfb2b2ba0b01ec823e0f4f62703e0eed Any computer that has this package install...
MAL-2025-1500 Malicious code in string-width-aliased (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware da87811ca5c10d2b1336d454f91e621244269510433b79f3e5365176b8bcbe59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1478 Malicious code in byted-player (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8cf324dae7bb985ac37aa0fff183e7f60d94c61c8b95b73049e79fcb49a52c27 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in archon2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2efbecb91840f3bd10abd707ee59f45fc25c310b59477444324c0d40c7e128bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1431 Malicious code in p2pb2b-internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 239013a9d622d6445f343a6f0649b358c89b51429d2a92f7d64cc09e0fdf3381 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1412 Malicious code in electron-dependency-confusion-window (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db478dbbcf0f5373a70e3193cc1c658b4438bdcd02a3f432b141e442e7bbbda7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1375 Malicious code in pmmmwh (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61153050710afa63f182defea4220d45b2a3d6a8aaf0c059d892d9deee856b6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in biconomy-dev (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ccacc09681a6383aa261381df93b651a806293270c031081ae4af8f993652c7 Any computer that has this package install...
Malicious code in crypto-main (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0a037816e38bab1c99484a360227650688ef0859f5e52d151d3b2c87a0865535 Any computer that has this package install...
Malicious code in bingx-internal (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a5d8cdbe3e0f835d014b61ec4d6c06b7b62a9ac36231e8ff2488cd4ce4fbe0ca Any computer that has this package install...
Malicious code in @devstack-angular/jdai (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac06a10b7b09cb556a876d7b76ede19361cf8c7fb2b92fe70daf3f55cc180dd2 Any computer that has this package installed or running should be considered...
Malicious code in tree-sitter-sqlite (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6171aef6bf33d3a77ea0523c0609d12e396a579ce197757f9ac020689a6c2363 Any computer that has this package installed or running should be considered...
MAL-2025-1060 Malicious code in alpha-launcher (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 813103e220bbdc9611499386ec8ea80516980d09eeca43e74370925dc5f3a387 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...