103 matches found
MAL-2026-6894 Malicious code in tracing-str (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466143b5f195d4924e2227921a288954ecec9ed34d52af8ff433056f5ff56903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in terminal-pretty-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab5f2a4118b739df793ebe9fc8d0a2bcf9716ab9f610cbf6a6c70c45643997b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5496 Malicious code in @validate-ethereum-address/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31c6ff12976558c9f1b005e95ad8a4c3b366723f0a1409d73f904f568be326cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4844 Malicious code in @polka-ui/reco (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 748e9209b5841d7276bc8325c476b21c3061fdc37dc9db0280f033ba9badc8c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in jwscube (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 325d4311f3dd1d82c8f9ee1ddc19a767eb69adf0a338625c8ce1e9d40062dec7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-2641 Malicious code in chai-as-refined (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc7bd5b01fccd5ef5cc96d9a4eecf5801c6b34a062718a2131d2b2abb7a93191 The package chai-as-refined was found to contain malicious code. Source: ghsa-malware 5a69e4e0dbfe130a3d5da8413eb7ad9a490dc1874ee69ef385156479b365da4...
Malicious code in @dtc-campaign-wizard/campaign-wizard (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99f551e16bdd57ec65154ddd0b1ebe5a701abe98d86f25490fb3c36b19e9fa41 The package @dtc-campaign-wizard/campaign-wizard was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2573 Malicious code in @aircall-ecosystem/integrations-msteams-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4343cd15bb1d3104166b2ddf4f549bc184fde49233b5cfba97f353f00a8c2a2e The package @aircall-ecosystem/integrations-msteams-frontend was found to contain malicious code. Source: ghsa-malware...
Malicious code in node-coremesh (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c5a0cdd89bf30a4af39a8b084445dc8db5a9433149b2935e8c2ad63a3cef008 The package node-coremesh was found to contain malicious code. Source: ghsa-malware f8ed9a272c9d2d960b2ddae6ef1f7128ff576014f4d3c296ca2b6d74eaea4ceb...
Malicious code in super-alias (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10ee12ec5ce74c0899ed60e17d1baf7095efc7ab305e51d4fcf20db72306621f The package super-alias was found to contain malicious code. Source: ghsa-malware 2c8c29e0ebca0170c77383154e5c6f2fe5280412fea18d255b496b94ae0aac5f An...
Malicious code in @emilgroup/billing-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91fdd5297b7532183f2b29871b23802ced24b046c92f2826618bc083dd243620 The package @emilgroup/billing-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1452 Malicious code in @sheniraid/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f232c1235fdee715d838e2f39abd6c3510308c313c075458df080ce28a4c26fa The package @sheniraid/libsignal-node was found to contain malicious code. Source: ghsa-malware...
Malicious code in syntax-class-constructor-call (npm)
The package 'syntax-class-constructor-call' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1268 Malicious code in @shenira/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37c19428681ab141c5cbfe55488bba7fb3d752e39dcffc01da944544bc0b104b The package @shenira/libsignal-node was found to contain malicious code. Source: ghsa-malware...
Malicious code in anthropic-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49a0221a103a31cc2bf5e4f6c7d5fc7e0a8cbb2128d06aafe849e2c0df492fa8 The package anthropic-sdk was found to contain malicious code. Source: ghsa-malware fb69378ea2c4bf83cabc021e0e00f2cc8f87b8d9ddfd536f6e0285d10dbf4daf...
Malicious code in awsm-acslibs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75908418c77ed1eed9d51f2880e20a9608a49fe6e21582715517f0fa4044d349 The package awsm-acslibs was found to contain malicious code. Source: ghsa-malware 566e39645aaa10c8e2d212725d48fa1023624b811c5d98b6c4cf6354d1beba95 A...
Malicious code in pp-js-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21ef567b818a3642f6a51a1d26f23c897c1ecc73c6e431361ee1512d288ab455 The package pp-js-lib was found to contain malicious code. Source: ghsa-malware ba1fcfff2f6e86511e78c7092763167dfd731beef4f008cc933bf1bb5b4255e1 Any...
MAL-2025-192422 Malicious code in real-time-tweet-streamer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 692b2a444eb479ec815e98413b99cd6cb677cf8be77edef431d8acf9d6c9e5c5 The package real-time-tweet-streamer was found to contain malicious code. Source: ghsa-malware...
Malicious code in initial-path (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bdfbaf17e5ea42f67e6327f5dfe8766f8a5f8d83fb4b390fc8d780da5555187 The package initial-path was found to contain malicious code. Source: ghsa-malware 014c829694ccb06463ad706603727d070cbf38be1e103200b54c1235ccc82611 A...
Malicious code in workingstealer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e56b24eb6e9737f361dce6ec109a95d6329de8392f296067cdc01e7f6950ddd1 The package workingstealer was found to contain malicious code. Source: ghsa-malware a5fb745fd37fc6048377cf7a40be4da1bf4751d412c4601909747d7b4ee38bb0...