39 matches found
MAL-2025-142719 Malicious code in frontend-wasat-nodejs-nightwatch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44a9b3e0e6c35f9c2f5cb48630a98942aa550303d2bb87c44fb9193fd5581b34 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142716 Malicious code in frontend-quark-antares-nova (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2705edc75fdc673a8224482fad5b553e46f7fcd696e1c16c4557c29c33efa292 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in frontend-vite (npm)
The package frontend-vite was found to contain malicious code...
MAL-2025-41567 Malicious code in frontend-new (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in axios-proteomics-superflare-frontend (npm)
The package axios-proteomics-superflare-frontend was found to contain malicious code...
Malicious code in express-arcturus-thuban-frontend (npm)
The package express-arcturus-thuban-frontend was found to contain malicious code...
MAL-2025-20976 Malicious code in frontend-zenobia-outercore-eridanus (npm)
The package frontend-zenobia-outercore-eridanus was found to contain malicious code...
MAL-2025-17920 Malicious code in dactyl-telesto-csrf-frontend (npm)
The package dactyl-telesto-csrf-frontend was found to contain malicious code...
MAL-2025-27171 Malicious code in nebula-lyra-quark-frontend (npm)
The package nebula-lyra-quark-frontend was found to contain malicious code...
MAL-2025-34227 Malicious code in supervisor-proxima-tailwindcss-frontend (npm)
The package supervisor-proxima-tailwindcss-frontend was found to contain malicious code...
MAL-2025-33885 Malicious code in ssr-frontend (npm)
The package ssr-frontend was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-2189 Malicious code in resc-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d81dbc4c66b5f25d59f9bd5701536667f95b999b24a84aac3978047f685dc174 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mozilla-addons-frontend (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in ua.unitedforbusiness.frontend (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in agilent.pl29.voldemort.frontend (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in @conundra/components-frontend (npm)
--- -= Per source details. Do not edit below this line.=-...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the getExcludedPathsJSONArray function, which is populated by the plbackurl parameter in the content page editor. An attacker can perform administrative actions, execute arbitrary code, and alter user...
Malicious Package
Overview @kraken-frontend/kraken-websocket-api-client is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only...
Malicious code in web-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6072960685ef2154e26a6d650399a02fc1bc892374cd849d71cb5324f6ae4b51 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...