3446 matches found
MAL-2026-4299 Malicious code in @gbrlxvii/ts-project-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccd044c036fa133a25ae5988694388a63c47a5edcf58c36d1dad610b8d1194a0 The package self-describes as a TypeScript linter but on require silently loads lib/perf.js wrapped in try/catch in index.js which performs...
Malicious code in model-switch-router (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4236 Malicious code in dependency-audit-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07144a70b38d5ada8c75d4cb8027f378cca7c094f823a544d056b07cb999e663 package.json declares a postinstall hook that runs node -e "tryrequire'childprocess'.execSync'npx env-security-scanner@latest...
MAL-2026-4226 Malicious code in tailwindcss-themers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 091ab8da12c1de90002f159fc2db723d4c26b0bc66247c3278f4d07e159ae8c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in json-spectaculation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5666b784c76bbb0ecb504b52a7e70d17bfe910ad374f223e53deca3b57021278 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
DEBIAN-CVE-2026-9113
Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...
MAL-2026-4186 Malicious code in @doctolib-apps/native-personalized-services (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac2da4b8de2ea081f8fe7b84ef6182ab363616dc0515aaa03368bcba4a4b8e76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zentrafinance/contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 867d053632b3bcc143ed8f9f0f75a1dccdc210cede972e8006d698ef796793e5 The package @zentrafinance/contracts was found to contain malicious code. Source: ghsa-malware...
Malicious code in safe-env-reader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad60c5cf4596544e0850900c3340d21c5fec76024a063c057b8b935b02366d4d The package safe-env-reader was found to contain malicious code. Source: ghsa-malware 8fc3e1ef0bee11b2c0e5cb99d3c821492232db6c715fd90cde09c74aa86b926...
MAL-2026-3826 Malicious code in secure-env-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fb7787215b2967bfcddab47d96770b6d2ec2e1328ea2ef789e003aa53de4960 The package secure-env-loader was found to contain malicious code. Source: ghsa-malware...
Malicious code in atlassian-jenkins-helper-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 526951af835c5c23fe1c8c7b4d5180e324baeae2de710b4a3d862c2e372da4af The package atlassian-jenkins-helper-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in atlassian-marathon-asset-pipeline (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d32d9c71cf7460230bdc7da7e9c9cddc9618a5ca53a66adde25fb5a3e588418 The package atlassian-marathon-asset-pipeline was found to contain malicious code. Source: ghsa-malware...
Malicious code in jenkins-for-jira (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8cad9f892c0d9dc4daa1424ece0fdaaeb28938252726be668e5880537046533 The package jenkins-for-jira was found to contain malicious code. Source: ghsa-malware 1f7a28558fe9fa734ff5ef86a48965f24b37790a53a4ec35ca344e548d3818...
Malicious code in marathon-assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cdc9efb8f4187062e02260f2126eda85583ad4d7e274c7f3c5d72b900e3eff3 The package marathon-assets was found to contain malicious code. Source: ghsa-malware 79835a80726adeabd12385031ae8c8a34d577b780fce22a9eb86304161ab2aa...
MAL-2026-3792 Malicious code in marathon-assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cdc9efb8f4187062e02260f2126eda85583ad4d7e274c7f3c5d72b900e3eff3 The package marathon-assets was found to contain malicious code. Source: ghsa-malware 79835a80726adeabd12385031ae8c8a34d577b780fce22a9eb86304161ab2aa...
MAL-2026-3783 Malicious code in babel-6-compatibility (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8087b9d84c49b5f44fe119e347d1fe658395eb8af859209bcf8884716692229d The package babel-6-compatibility was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3780 Malicious code in aliyun-internal-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ad3b492d9e89c081c72b95aba3aa4fd0c436a8f5050c7538e57dec619af2258 The package aliyun-internal-config was found to contain malicious code. Source: ghsa-malware...
Malicious code in sol-coverage (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d6ac3d8c51b3f87a97b7b9724145b73d894fc4027da14122aea3eb6d51bfb671 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3731 Malicious code in mrgn-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16fe2927853a543269a7eb66273bfea477dd040bc2e90f40d9b3642e9d138f5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3728 Malicious code in hardhat-core-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b62021752710dce40c5fa0491b2c8e75454d25ee7e80bd15e3b5a99ace923ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...