EUVD-2025-132793

Malicious code in @akunsansan0/karedok33 npm...

EUVD-2025-76385

Malicious code in lonelymastodon-apptea npm...

EUVD-2025-86130

Malicious code in fadhil-tongseng86-kyuki npm...

Malicious code in shivering_ocelot_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63ceb865ff55ce105f30b93bc16cf09af3cfd28caa974c87d8c29f86724da329 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-39356

Malicious code in udin-bika32-riris npm...

EUVD-2025-41228

Malicious code in dian-miebogor16-riris npm...

EUVD-2025-36841

Malicious code in ing-web-es npm...

MAL-2025-36264 Malicious code in test-mlw2-slush-gulls (npm)

The package test-mlw2-slush-gulls was found to contain malicious code...

MAL-2025-38257 Malicious code in version-enceladus-rocket-astrometry (npm)

The package version-enceladus-rocket-astrometry was found to contain malicious code...

MAL-2025-34529 Malicious code in tango-yankee-alpha-vhkfd (npm)

The package tango-yankee-alpha-vhkfd was found to contain malicious code...

MAL-2025-39693 Malicious code in xenon_wj7ni_ec5ea_solstice (npm)

The package xenonwj7niec5easolstice was found to contain malicious code...

MAL-2025-8004 Malicious code in @hishpr/in-beatae-quae-occaecati (npm)

The package @hishpr/in-beatae-quae-occaecati was found to contain malicious code...

MAL-2025-39237 Malicious code in whisper-tzdh4-m9tux-bison-project (npm)

The package whisper-tzdh4-m9tux-bison-project was found to contain malicious code...

Malicious code in tpcvurlpong (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 001eabd8aa23a93db2f17fe69268f9eba2dece879e5cde7dbc93297d6d6279f6 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Malicious code in selfverpushget (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx fcf07c55939505d25296e89cc5253d215f3a608224a751103fd5b17d8b2307d2 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Malicious code in libpongstringrand (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 83dd8fb7028afb38e2eb5dc136a37669361dc81320acb837ad908b38ebbdfd69 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Malicious code in esqadpaypal (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx f54949ddf332749f5aca529493b4feb5858d68c273c2716b5efbfa2e90826b19 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Malicious code in superram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 79fbcf578774307ebab34226f0aee5ca322b27b578f1256a46c19164d68d2b93 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Malicious code in rfcs-tooling (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1abbfacf3954101eb9977beb1c9691c40f0c7192b5350dedcdf4588f4e79d278 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...