448 matches found
Malicious code in qsahitgpxjwzlnko (npm)
The package qsahitgpxjwzlnko was found to contain malicious code...
MAL-2025-8004 Malicious code in @hishpr/in-beatae-quae-occaecati (npm)
The package @hishpr/in-beatae-quae-occaecati was found to contain malicious code...
MAL-2025-18091 Malicious code in daybreak_kdvur_1gxlw_yonder (npm)
The package daybreak_kdvur_1gxlw_yonder was found to contain malicious code...
MAL-2025-39237 Malicious code in whisper-tzdh4-m9tux-bison-project (npm)
The package whisper-tzdh4-m9tux-bison-project was found to contain malicious code...
MAL-2025-6872 Malicious code in search-result (npm)
Source: ossf-package-analysis 6ddb1c5d5505a20da7fa64201ed64cc4b487447debb5dfac4a7d1398b93bcb1a The OpenSSF Package Analysis project identified 'search-result' @ 10.11.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in risk-profile-widget (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in ethers-js-core (npm)
Malicious code in react-server-dom-turbopack-experimental (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 919b44a54d192c9600403c1ad155e8d4c1652c00f211b52d40f3b61893419ba9 Any computer that has this package installed or running should be considered...
Malicious code in airbnb-javascript (npm)
Source: ghsa-malware 8a1d7d33c25e202a6ad49fb54065863092fb024863cb59952744ea002c333bab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-5889
A denial-of-service (DoS) vulnerability has been identified in the brace-expansion JavaScript package. This issue occurs due to inefficient regular expression complexity, which can be exploited by an attacker providing specially crafted input. Such input could lead to excessive processing time and...
Linux Distros Unpatched Vulnerability : CVE-2022-24773
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification...
Malicious code in meli-payment (npm)
MAL-2025-1583 Malicious code in example-javascript (npm)
Source: ghsa-malware f8f7b351d38960b71f0f51ada047da6ff08501cd8f58b679cbfd6e8c5cc7b032 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-745 Malicious code in nodejs-paypal-checkout-demo (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 909c8505097e7b62c38bde6c75bb0ba8516f566136ec093b913944bcbdd1130e Any computer that has this package installed or running should be considered...
Malicious code in lyft-cache (npm)
Source: ossf-package-analysis 3b6c2c8a640e356df7915efc2dbff4c6612d5995a84d32090e38a5fe4ee11eb4 The OpenSSF Package Analysis project identified 'lyft-cache' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in dynamodb-data-mapper-js (npm)
Source: ossf-package-analysis 93e1601651b9c7ac38203563ebdc9231ff5ac6298c9dee85fb2eeae24acdce30 The OpenSSF Package Analysis project identified 'dynamodb-data-mapper-js' @ 7.0.0 npm as malicious. It is considered malicious because: - The...
Malicious code in cljs-dopeloop (npm)
Source: ghsa-malware 9232bb9421a218946057ab6688d62120e80b911ca38062d0ae6c42a951d2cddd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in projetmobile (npm)
Source: ossf-package-analysis 71d8a1d00b53e4f04ce0ad77ebfbbb389dd8a22bc6b9a388f22335cf649501ba The OpenSSF Package Analysis project identified 'projetmobile' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in @taxify/nodejs-common (npm)
North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry
The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems, underscoring the persistent nature of their campaigns. The packages in question, harthat-api and harthat-hash, we...