2642 matches found
MAL-2026-2063 Malicious code in @opengov/form-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a11b439f6b43c87972ca0e9cf8a54332a77b44da906d0bb0068e0af2532776b The package @opengov/form-utils was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2053 Malicious code in @emilgroup/partner-portal-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e6d39860559ec42dbfe2c1b124d8354e3fc7985ea21f2c1a7ae35f874875726 The package @emilgroup/partner-portal-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2051 Malicious code in @emilgroup/insurance-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddc13f3218d4cac889a3d7c9d646430c04959f242c5c6cb593d3a31f84baa7a4 The package @emilgroup/insurance-sdk-node was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2027 Malicious code in opengov-k6-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d6d3e0e21551377d17f0e85338f6ea9650b7c18f717b6e1060b1d50962ed112 The package opengov-k6-core was found to contain malicious code. Source: ghsa-malware 1370c540f2157e1e42d9edb109b0b6c57f27d35cfcfd8ebef2a5dc2d44db6e3...
MAL-2026-1978 Malicious code in json-specular (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21e4ef994911ed1494838bbc4c0f20fb4e194a7e264a9e7014759d9e23466ac9 The package json-specular was found to contain malicious code. Source: ghsa-malware 1bb4124a4b5522f2d7f36098f59a85a760b3e029a30baffafa922a34d2e7a21c...
Malicious code in parsejson-pro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bee06fce3066f17a6400fc1800b42e5c53eeb9826bb9672cec6ad8ff65306807 The package parsejson-pro was found to contain malicious code. Source: ghsa-malware f2f105fb92bd66d0baadfb4bc605643a2eaff5cd51a4d565f82f61e4c0cb3a71...
MAL-2026-1959 Malicious code in node-business (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 792eac8bec173409a594f162c30deb42b1fd0592892e4c5aa5884cab16290b90 The package node-business was found to contain malicious code. Source: ghsa-malware 056b764f3a3ce19cb19eb194a6a00e7ee3e1fb99de205cb4dc27870b8c6721aa...
MAL-2026-1956 Malicious code in llmstash (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28c72133178ff53e9c15a1fa3dd94cb2c3b3baf027cd8e18f4b5eaa12674a051 The package llmstash was found to contain malicious code. Source: ghsa-malware c3fb84b88ae3519c2312fd93ad4ffb2dfc9314704ce1a2f67643c29b6bacb17c Any...
Malicious code in supportgameapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a47bd58f99ca83621adcd03a62db6b246a9bef49500f502bab948c371f7ead79 The package supportgameapp was found to contain malicious code. Source: ghsa-malware 62c4a020a9479973b325083e07d2a5a87d4afdf4260a2b2c78a8e164d0e01918...
MAL-2026-1934 Malicious code in big-nunber (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f23ede1c7b10923f9db48acb43cc160860b18e8be59b8bd2a26109ac8495ddd0 The package big-nunber was found to contain malicious code. Source: ghsa-malware af922fdcf3519d03326fd29435ab7bb179a1505a9082641e92a2f77f98332974 Any...
Malicious code in pretty-changelog-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64b9f609acf299244364375bad1f58bc65eb5c8b17ca7e9bc92de94aff7e975c The package pretty-changelog-logger was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1443 Malicious code in es-lint-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cb77bc53967094108e0dec0e00ddd13bef1d74b3482d959c28c4fc13753cd49 The package es-lint-builder was found to contain malicious code. Source: ghsa-malware e4f62649e3a09df9cabfd19d23538447b0d8762de9506c23c5b27c4a6882967...
MAL-2026-1442 Malicious code in bignumber-tool.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81863c7d661d7e537eb4cafb3e74ae83b61483b4617c03f6a4283d34ce651102 The package bignumber-tool.js was found to contain malicious code. Source: ghsa-malware...
Malicious code in transform-typescript (npm)
The package 'transform-typescript' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1500 Malicious code in @storylane/shared-packages (npm)
The package '@storylane/shared-packages' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in pulsard-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5088b269cb089b9b077cf5a13f9b00cbb8d01375276ce1e2f1c99fc7154a46be The package pulsard-utils was found to contain malicious code. Source: ghsa-malware ff1030d82dfca7d7403806e0bd8ba645d25cddd141cb5480664a6555f2d441d7...
Malicious code in libsignal-mod (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 211e000c840d09f14adc470cd83c124e8a4e49249e78c8a759693e3678c63da2 The package libsignal-mod was found to contain malicious code. Source: ghsa-malware bb9ca486dd8fcc83473d13eb8fd8c5f8881d2be2d8301a167de2d40ad8513c51...
Malicious code in gamma-api-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0c08011b9300cb8b734d3d0bebc12d47ba78173fd7bb3b676459217b0c2d367 The package gamma-api-provider was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1332 Malicious code in mui-path-imports (npm)
The package 'mui-path-imports' is part of the PhantomRaven supply chain attack campaign Wave 4. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1305 Malicious code in collab-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 827bba21aab2fb6ac088e0ab66d2d6ce16a9edcfb26736c85c5d9c8488019b21 The package collab-library was found to contain malicious code. Source: ghsa-malware aa4043d376077e02719a8d768bb1e2631de6c69525ebd948ed92102f617adc9c...