1385 matches found
MAL-2026-6867 Malicious code in pretty-pino-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8a3122c1ab14fbe9f5eb55c0b5ba1db0c7b8e47ecc4d935b758d6bf679821e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6850 Malicious code in logger-beauty (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29f894c613d7ea8f407e4515aca877e6f13b5bb8e72530ce8032a534336b5a25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6816 Malicious code in emojiprint-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6cbf02130e84c5829369887b3e109fbf7ad94e2fbf4b4b2ca82c28f0059a7ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-53488
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands o...
GO-2026-5758 containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull in github.com/containerd/containerd
containerd CRI — image-config LABEL flows to restart-monitor binary:// logger: host-root command execution from an image pull in github.com/containerd/containerd...
CVE-2026-52942
In the Linux kernel, the following vulnerability has been resolved: netfilter: nflog: validate MAC header was set before dumping it The fallback path of dumpmacheader guards the MAC header access only with "skb-macheader != skb-networkheader", without checking skbmacheaderwasset. When the MAC...
Malicious code in zomato-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3dccb8b8b32337c2a257a763c273e03367ec07c904b5db0c07dbf514d546709d On npm install, the package's preinstall lifecycle script in package.json runs curl to POST the installer's hostname, current user whoami, working...
MAL-2026-6252 Malicious code in zomato-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3dccb8b8b32337c2a257a763c273e03367ec07c904b5db0c07dbf514d546709d On npm install, the package's preinstall lifecycle script in package.json runs curl to POST the installer's hostname, current user whoami, working...
MAL-2026-6218 Malicious code in chai-as-attested (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88e27467366a90f482eb47476458b1f74d5a41ac63371572e527f2e60e4e0b51 Package impersonates a pino-style logger exports module.exports.pino, ships pino-like DEFAULTLEVELS, keywords fast/logger/stream/json but the exporte...
Malicious code in motion-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dec07d83d6427eb2c76e0ab74e5f31f424e769c187e6d48df0de3575df2e176 [email protected] masquerades as a pino-style logger exports module.exports.pino, ships proto.js/multistream.js/transport.js/redaction.js/levels.js,...
Malicious code in chain-chai-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4287ff6637bb0d3109dcdc3082aece79d69deca2a3580ebf850ec1c13e8a3e00 [email protected] advertises itself as a pino-style logger keywords fast/logger/stream/json, exported alias module.exports.pino = middleware,...
Malicious code in terminal-structured-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14080e4c54ea68f090ab98ee4eb27c7e987fe2d5e7ed6c5bb37ed89504a43099 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in terminal-pretty-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab5f2a4118b739df793ebe9fc8d0a2bcf9716ab9f610cbf6a6c70c45643997b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in bt-burn-watch (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94719a61950dd5cacc26b288c1fe8ef0d12f0e93720b4f1aa98cdf84ff148f0d Package advertises Bittensor subnet burn-rate monitoring but the compiled core module's own docstring describes itself as a 'clipboard logger +...
Malicious code in bittensor-burn-watch (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16180f1609731d35398f11dbfcb328826d2e39a7acf42fc256b563512645e6e5 Package advertises itself as a Bittensor subnet burn-rate monitor but bundles a live TELEGRAMBOTTOKEN and TELEGRAMCHATID in...
Malicious code in chainix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93d9609d2eac0c0ff33aed557171138930255798aa649fa648b04814c8cb1908 Package presents itself as a pino-compatible logger README badges link to pinojs/pino, exports alias module.exports.pino = middleware but its exporte...
MAL-2026-4615 Malicious code in motion-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f13ebafd858996faf32f6987cd969b933bf5c31c7ac329cf55f160bb6bbf6007 This package masquerades as the pino logger README copied from pino, exports module.exports.pino = middleware but its middleware does no logging. Whe...
MAL-2026-4319 Malicious code in lint-builder-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82c210e5583e971220a00f5aada2972877928cbc0187f17b034c9112c4b87099 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview lint-builder-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in lint-builder-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82c210e5583e971220a00f5aada2972877928cbc0187f17b034c9112c4b87099 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...