224 matches found
MAL-2026-5110 Malicious code in jingmeideshishi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe45a0c6c68a7c9bff9135ecd725baea4558380b10e02e2ed1670f20146d6633 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @antoncallahan/aws-user-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f93a70eff01af53e3710dab5d23b991b7255e6236bc2db796097bb35ace98a6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @timelycare/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6971003bc186f038f0e19a64185b47b51e608a4ecf4261a908101f5e046a264d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4330 Malicious code in ts-stream-compose (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1b5f1b3bc249263fa62dddbd51e09f4c9073d7807890a85da174bc76affa787 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3823 Malicious code in parse-escape-regex-string (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41f2d6da130b64c53517f7be20b6f43e0fde62b07a805a2689d1baa4f8c30c1c The package parse-escape-regex-string was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3790 Malicious code in jenkins-forge-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1752ae807c1ded3c735b8ab75a4119f00de67627fbd4a8802331d487b5e2c229 The package jenkins-forge-utils was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3453 Malicious code in @squawk/procedures (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3693f4ec7e3c062f3da5ea7241c2fd87d050767dea2adaee15d7be3f5c80a91a The package @squawk/procedures was found to contain malicious code. Source: ghsa-malware...
Malicious code in frank-newton3-user-hunt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3d2188a1bfb704f499669b386b4268ab26fb46de37022d5b91df575521fcf81 The package frank-newton3-user-hunt was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3014 Malicious code in vime-azl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a86b8ee643a9ac9cb7529c19293e56a1ccefe33d616c0459e90c364f529a55d2 The package vime-azl was found to contain malicious code. Source: ghsa-malware d7731c972c51221a2f0a582c0f7d25c9054e45942accb77b36d8a170074c8ade Any...
Malicious code in optimized-fastest-levenshtein (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ad1df5ecfcba26f63d6afe82b0b81c718ed915074e7e2a1eec30d7fd6815be5 The package optimized-fastest-levenshtein was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2849 Malicious code in @than1st/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33e5a745025283eafbcdaca42eabb928085deea39d64a048431086a73651cbb3 The package @than1st/baileys was found to contain malicious code. Source: ghsa-malware b279f3956e0591d27684f8ad6e1464cb4d3901ef0d1c977ef8ea6ec3f53a71...
MAL-2026-2647 Malicious code in okx-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f537a0896e3975393a32700cc7c402b5b84baade9d30694090e625ef37a8a09 The package okx-data was found to contain malicious code. Source: ghsa-malware 41edc2d01a36c24d285496e1d882419e277f6ac2ded1e21f9d6eb4fd13cada75 Any...
MAL-2026-1540 Malicious code in typescript-type-graphql (npm)
The package 'typescript-type-graphql' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in pearpass-utils-password-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e49c29e613eb5defffe0f8db190791cd1e27be699c5aa6343ad0d60814b2e756 The package pearpass-utils-password-check was found to contain malicious code. Source: ghsa-malware...
Malicious code in tailwindcss-forms-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66a402948dc389c4a201ac4271a843d78a5131d377a3904fe178b51c6aef5adb The package tailwindcss-forms-component was found to contain malicious code. Source: ghsa-malware...
Malicious code in bubble-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bac16503e5a840ccf7e88977f38fac02affaa1c8eaff7f449b9832fa03cbd0a8 The package bubble-core was found to contain malicious code. Source: ghsa-malware a4122cb6b21018902fe682cf3dd31246d52f8850e8116649894d89df6f06acb2 An...
Malicious code in iru-caches (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bedff4313b653182b12500ff93779e0605bbd045470b58245a0ab47629e3404f The package iru-caches was found to contain malicious code. Source: ghsa-malware 2f24ac88d53abde060c0a707ee445377609019c4e9f93e40218672b204cb50ff Any...
MAL-2026-920 Malicious code in ambar-src (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de85b3ce658bcfa8f19ed5eeddcdf918f1c269d4fb09eb35804eca9a1ef98a68 The package ambar-src was found to contain malicious code. Source: ghsa-malware 1b3e3fc21cb40fafadf65d25ca331573096b3c7e36c681f4ec213b40931296f8 Any...
Malicious code in chai-promise-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fbc46ec5143004a3a8dbf9138d7317efd21d323b0803a9c1c6f18b73f4ef7c6 The package chai-promise-tools was found to contain malicious code. Source: ghsa-malware...
Malicious code in @nayzak51/primebeem-db (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eda80707c579faf8880cabeefa8ebf20fb33b076337d64cb93a3ebf6e210e29b The package @nayzak51/primebeem-db was found to contain malicious code. Source: ghsa-malware...