MAL-2025-4925 Malicious code in cockpit-header-icon-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware edba84c1a5e3ed1c3b0a0be32d630ab921c73a276543aec3c7c0076379e30e81 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4885 Malicious code in solders (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e7caa25c734e04724db6b49ecc13404bf34c539b99cef0c60d7bd3125f17b4f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in base-hashing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0d016b179f42c303733681ba512975f7ad0b2b792e55f57239c9303cecf8bfee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in mediaserv-paypal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15084239e2cd202b683ccc27fbc1eca45909c74e4e992b9d5e646ccb07c3cfd7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in rpc-bot-v13 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d36bae9a92f55450da9079525255c532c3077ebdf05866aed4790c5cdb1fe64b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4809 Malicious code in @loybung/weather-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b8141e9c6d2ba6d7cf52aea200f4a596b4e7151c2c3a67b2713cd2cacc96038 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @loybung/inject (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2360caebc7c178c732c57b8da900d7e303a05b8a498693b6f6449abad8fbb19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @loybung/unicode-fonts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 977a645be3c24178c2efe83570b0da277294e1f25f354f1e01934a67a92ccf8b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in bzl_components-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2e9d92ea6bf2f83b7f1ef5fda995c4ca9b06ee0c6e4666b1ac581d884dbae28f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in mockup-js-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d47de2f1ea832ed5ca1de7b318fac1b4e38fd7f83c2b66d97c4c38cfab1da216 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in jsons-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c23d84cb2201d919fefd3fa95fc777c80ed4adbb5e2fc87e1e1430bcb6edab6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4909 Malicious code in whatwg-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2c673435a301e9ed1203058fbaa25ef8011da36b69d1e3fab4253ebe9e4a6513 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4901 Malicious code in uvicorn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d4f7ba398a2a6f412706dc52b14ad4928a3863790d54c8553cf728b68d373b2b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4900 Malicious code in undetected-chromedriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 687b76dc0d575aed0afa6e7d747df99e768e0089d8a461c82a6a962a9ff9e5b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4894 Malicious code in tedious-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ac4ed635b00d44b10eedcd216610356c00baa2dcc266a9d461b148bd50e62c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4879 Malicious code in scikeras (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a571a503cad6f3d53b07cecdc303ec31a63e8375eaf27100ef3699961d08138 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in pyiceberg (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e5fa44fe907854125c2e5e5ebed5ecc53ad3578ce319bfdf5a92524c65793185 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in opt-einsum (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5af28147ec311b3f20c1a63a200d242102077c353766cd3b77c9809bd0af917e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ohhttpstubs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 642efaac1637742aa2d3755af417f202219293d844b0c0ec46300fa7fdfaf046 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in office-addin-debugger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4af71d95c178cd7b60b7f8f5f758ebd7003e5b853b2649a1ad465580d6751f6d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...