3446 matches found
MAL-2026-2631 Malicious code in babel-plugin-blocks (npm)
Malicious package due to data exfiltration via test, preinstall, and preupdate scripts in package.json using wget to send data to webhook.site. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 679960b444e4781d7276df8692808a4bc4507d29aefe943ffe4d3dfb35dcc141 The...
MAL-2026-2613 Malicious code in upstart-offer-container (npm)
Package collects sensitive data SSH keys, AWS creds, env vars, exfiltrates it to a remote server, and executes shell commands. MALWARE! --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 148e48dd7b06a250063027a17895962000ca784a3fe52b704bea049afc85763a The package...
MAL-2026-2326 Malicious code in raydium-bs58 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 866a59b63d949dfe36c6082c9daa6fddcb18993724e9980c245a49ff59944fee The package raydium-bs58 was found to contain malicious code. Source: ghsa-malware b6ba968c5cb1e12fc81fc5ed1694c2221b6ac0299199508b80100927801f07f3 A...
MAL-2026-2312 Malicious code in tailwindcss-typeface-inter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3a4cecee37faea4489bd810f6d044cde9205a74e0c225bef7b07cbbe207eb88 The package tailwindcss-typeface-inter was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2237 Malicious code in jsonify-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b16e04dbb8a655525d1dcc95902eacad5b738ac61852151526e1e0a95447a3f0 The package jsonify-builder was found to contain malicious code. Source: ghsa-malware 4f4842e5bf9d324a472ef06cb8dc42b177eee930c375c76176e9a67f032d05f...
Malicious code in validator-lut-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c9f447a3c02a6c7ea716862009fcf6853c8d52e05144fa78746cbdbfe3ef000 The package validator-lut-sdk was found to contain malicious code. Source: ghsa-malware...
Malicious code in tailwind-compile (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bbf65c7619b6b53280e5b8466ad34ab144b9e6f1da1ab9a80fc621001cc380e The package tailwind-compile was found to contain malicious code. Source: ghsa-malware c6dd40384bf67bcd86f55c070ba74b522d8a9531dec334d4604f0b3737cd96...
MAL-2026-2193 Malicious code in @sixcore/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1286e85f8b045ceb430500873b6a172bc5bef2193da8d53ec25183e7a4984cd8 The package @sixcore/baileys was found to contain malicious code. Source: ghsa-malware 4d631c0d901cd4ee9e33f1b24f2a7e067cb4369c7813ce8d46e7e7f0e2217a...
MAL-2026-2190 Malicious code in ts-bign (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a068fd0715cfd570ef64c7f6d249383560483880d19fb75a94ac4997a742c70 The package ts-bign was found to contain malicious code. Source: ghsa-malware 6e364f088c15924f92d8290e79ca278120b3d8778345dcad0aad75e821d352e0 Any...
MAL-2026-2189 Malicious code in simple-util-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4e97df136a9f8721793e4556b53f908cb10a6df1b2febf5edd3d9d8ef7ab2c7 The package simple-util-kit was found to contain malicious code. Source: ghsa-malware ade2d906419f8d8a97dff43ed8530e27612faa88503c6696838b30f201d5e6c...
Malicious code in @shennmine/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04f4d27219071c7adbcedd56c54f0ca559b3d3651e6203b38d5170bb0e239f66 The package @shennmine/libsignal-node was found to contain malicious code. Source: ghsa-malware...
Malicious code in chai-patch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b7a1b00f9cf8ff93aebfbb318e0f4da8d56a985a1eca3c305142e708dc6fc55 The package chai-patch was found to contain malicious code. Source: ghsa-malware a5b659f5744d677c50cb63bc98f750071b3db390e25b81a553debdff48ffac6a Any...
MAL-2026-2168 Malicious code in chai-patch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b7a1b00f9cf8ff93aebfbb318e0f4da8d56a985a1eca3c305142e708dc6fc55 The package chai-patch was found to contain malicious code. Source: ghsa-malware a5b659f5744d677c50cb63bc98f750071b3db390e25b81a553debdff48ffac6a Any...
Malicious code in @rexxtheproject/elaina-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35f9ef0d26d553f66ecfe3fb2813906a4a457ec3918fb5c0508441f3e13d3fa4 The package @rexxtheproject/elaina-baileys was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2156 Malicious code in tailwind-animationbasis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 613bfa904c0195c7d59209123554b2be83ed4a0568c174e8b221e22725fec103 The package tailwind-animationbasis was found to contain malicious code. Source: ghsa-malware...
Malicious code in sbx-mask (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 199f83840bd0dfd9d9e7295134e439e8adec273f9be8477d0ff68b6ec8c491d1 The package sbx-mask was found to contain malicious code. Source: ghsa-malware d04d541813f3f1e2bd2d1c509c5ea3463d64caf433617ab3398e118171f2cc65 Any...
MAL-2026-2132 Malicious code in sbx-mask (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 199f83840bd0dfd9d9e7295134e439e8adec273f9be8477d0ff68b6ec8c491d1 The package sbx-mask was found to contain malicious code. Source: ghsa-malware d04d541813f3f1e2bd2d1c509c5ea3463d64caf433617ab3398e118171f2cc65 Any...
Insyde BIOS SMM Memory Corruption Security Update
A potential security vulnerability has been identified in certain HP PC products using Insyde BIOS InsydeH20 UEFI Firmware, which might allow arbitrary code execution. Insyde has released mitigation for the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs...
MAL-2026-2101 Malicious code in sidebar-basket (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abd1b121a57bf0b4d96e4f902f6d051ff5b485ab7fc412f8940ce2c294ddb660 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in puzzle-render-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c63be86e7f93cd0f5f6663aa57978a4c6ff6b497ef1aafcddcdbea71e25fa02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...