MAL-2026-3480 Malicious code in @tanstack/router-vite-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59c369975f931e9f8a4ca499e887c2ec41f7d1dbfcdcb83fa9e6ec9717ea4910 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @squawk/airport-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a12035131eafd29a07572751653f857706ac1b113fcbd498a70f54d96d5276cc The package @squawk/airport-data was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3502 Malicious code in cross-stitch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfe06155444d60d3774a256051b31f6a4814f484f33830cbe61eec7ebe611be6 The package cross-stitch was found to contain malicious code. Source: ghsa-malware 7c23bb77e762be76915e8202d11074aaa122efe0a8a32e403fa00ee8563c9bbe A...

MAL-2026-3491 Malicious code in @tanstack/start-static-server-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb21ff47aa0e512d1f67b02a37d160b475e32fcaa76bea381298a976c3bdd673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-static-server-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb21ff47aa0e512d1f67b02a37d160b475e32fcaa76bea381298a976c3bdd673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/router-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b5f287de4737a3fc1c486fabad70d3ad833e85ba2ebfa8d0712052da9fca9ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/router-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbe10ec33a8ef57cbee1293be08884f598f604cc51b69f3eed2d17217efd462d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3467 Malicious code in @tanstack/react-router-ssr-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c8db33bfb3bf19b736238a7e0895ecfd856e38c6e86d83f6eee8df6f5c13730 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Unity Linux 20.1070e Security Update: jetty (UTSA-2026-017459)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017459 advisory. For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not...

MAL-2026-3343 Malicious code in @atlan/connectors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22a96e40cb459d89624b2ce0705942ad4d54d8279e780c66fe2d2fa3f727cef1 The package @atlan/connectors was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3286 Malicious code in wagner-horizon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d97421ed33bbba9349de85dd7f575a7c761e70226645a82545378e6e412d3515 The package wagner-horizon was found to contain malicious code. Source: ghsa-malware c1c6c42ada769c8af91fc0c7c7212a759d8138cd9f5c4af4d5b736d8f879c154...

MAL-2026-3285 Malicious code in vpi-guides (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0746aaba735c5411a6b2e62e27b52b39aace59ceebe307f3cd192fbf052b387a The package vpi-guides was found to contain malicious code. Source: ghsa-malware 28248d8cb6eca76057853d4e6ed366107e13c7dce9b6f02d9afd82475152a369 Any...

MAL-2026-3271 Malicious code in @bcs-ui/theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e8fd043a0105b7ec2fd37e2db50a7dbab652403949cf1f0950366ddab6eafdf The package @bcs-ui/theme was found to contain malicious code. Source: ghsa-malware 2a3c36dafcc4718b7edd494534658ed583e693c1235d638066d51997eccb1d10...

Malicious code in @bcs-mi/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32fb1f804a47c0e11e62bab82cc978af199c0517a91965fb2bfd34f226237d34 The package @bcs-mi/store was found to contain malicious code. Source: ghsa-malware cc97afe6281e170826ea8ad4c189a9d5bb874fe69ca97da0e2bbdf327e33ba91...

Malicious code in @bcs-react-ui/context-menu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d7735468c4f2cdf66767c4b52a6a089b195ea5bb820b82a03690fb0c9586bc The package @bcs-react-ui/context-menu was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3170 Malicious code in frank-newton3-db-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c57962acb9140cd99fb10338da13df89a6af2a7da30694456df2bc151acd247 The package frank-newton3-db-poc was found to contain malicious code. Source: ghsa-malware...

Malicious code in auth0-ui-components-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e0d97624d1290690782d9c5e369ea2df5642da13ce61f091ea686ff4af38ce1 The package auth0-ui-components-docs was found to contain malicious code. Source: ghsa-malware...

Malicious code in wrapped-logger-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe112208d0bcdd21ccfe23bb9c5658a1be2eebaf37068032ea67bb9f93559a9c The package wrapped-logger-utils was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3013 Malicious code in undicy-http (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d4da47dd47cb80cf3a7a93cd81c2154b7cd905834b35f89f0703a5a8dab5d1e The package undicy-http was found to contain malicious code. Source: ghsa-malware daa1abf913048406268c31888f8b6defc0e69b49ba85dcbdb966fea8a3caf235 An...

MAL-2026-3009 Malicious code in rollup-plugin-polyfill-route (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae32c5ba788989f856ede10fa991e6dafa8d9263b0f5fc7384c69fba97e41d4a The package rollup-plugin-polyfill-route was found to contain malicious code. Source: ghsa-malware...