448 matches found
MAL-2025-47015 Malicious code in checking-ips (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 941a9d77f27a5cf03000409003dc26dc454bbdfe54ff4e4bdcd72c5184e45263 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in nf-web-ui (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c9daed61da73f36e121e5335edee0f392a2a0f1ee89890f0589974f04ff0f1c9 Any computer that has this package installed or running should be considered...
Malicious code in grok-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 86e3c3ed43462c81e220a40fc8643c2c519f947bb781dff9a1d13de547b4d520 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-6388 Malicious code in dhei-0731-pkg2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe8d7b6c360cad159d0e612206bf57a2317fd56b354a52d680325314989891c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-6375 Malicious code in vanilla-cacher (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a170174d56e5363e8c8a3d47eb94f80f3b3dc18a2bf2240e372730ffe076ca97 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-6370 Malicious code in react-icon-maker (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46dc16e0765ddb06bcc46c49b58deba17ff9d4fce6cc5b65ebba0f617cf44fed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in exceljs-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 542e79c60c18aa779332620c884952b318f885c798a0ac8c2d3bf87bfad26950 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-6338 Malicious code in @sys711/my-npx-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f4c05684044741c67899c2f0bd5728540fec66f7e4f62a44542006c938e0c550 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-6273 Malicious code in airbnb-booking (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76c83cf952a70005332c86b068da928bd1375aeaef2702a8c61be6af4aa24e94 Any computer that has this package installed or running should be considered...
MAL-2025-6290 Malicious code in kalitest11 (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 26193c08ed761df2176023996662e8905acb48a4b9404a0df12ad9d1570ba586 Any computer that has this package installed or running should be considered...
MAL-2025-6314 Malicious code in swap-token-list-poc (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff37669cef0c949bb0dd7b4eebab3d14891256532b09e265c1a486fb2ca0996c Any computer that has this package installed or running should be considered...
Malicious code in scenes-testing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ede91952fd4d242e34d4fdd634b5d10a0f0d16145af1bfbfe011b8c5c1d02501 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-6177 Malicious code in lint-pr-title (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7a7398205d96f4d045fedf2fbd41ba545c40048a2e9683747ab8bec7ac77a1f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-6004 Malicious code in winston-compose (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 981347a4b88ce00ab42b1a3f93b56d89cf28282070c617325e304221c6ce4882 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5883 Malicious code in @web-kit-package/grab-login (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b40f792f041cb54fd538d312324aefe4be963bdebc3734132184a9c3b4c875fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in paypal-invoicing (npm)
Malicious package. Collects system info, exfiltrates data to hardcoded IP, runs code during preinstall, and attempts to hide activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd66aabb4b40f49dc7ef8bda42a33f705beb6def65601b8fd3025c7e055bc2e6 Any computer that...
Malicious code in flow-playground (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14d20a3a54d31a33e86fe7ad68eddc9fbfb2b2d94bc3787b6d963b290d2fbdde Any computer that has this package installed or running should be considered...
Malicious code in fxa-auth-server (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 001dcafa5fa85d6d5358a1a79909f92615e17cae27329f2b1fea9c1cc51d41ca Any computer that has this package installed or running should be considered...
MAL-2025-6089 Malicious code in fxa-auth-server (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 001dcafa5fa85d6d5358a1a79909f92615e17cae27329f2b1fea9c1cc51d41ca Any computer that has this package installed or running should be considered...
MAL-2025-5734 Malicious code in vite-meta-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38fbb013e3df2485e72ad722dfab14b0295214d9f631913350b0eec0d658469a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...