MAL-2026-5175 Malicious code in webpack-json (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abd3559fc62e362d5e4d5068126317096f7e2e483d97bba9f59e192a9d49a363 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

ROOT-APP-NPM-CVE-2026-27903 CVE-2026-27903 in @rootio/minimatch - Patched by Root

Root has patched CVE-2026-27903 in the @rootio/minimatch package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-42039 CVE-2026-42039 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42039 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-42043 CVE-2026-42043 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42043 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-42037 CVE-2026-42037 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42037 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-45740 CVE-2026-45740 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-45740 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-44290 CVE-2026-44290 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44290 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-44289 CVE-2026-44289 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44289 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. Learn more Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The...

Malicious code in fundraiserserv (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c27dec042a9f69f24c1a2c860af27a2625740dbd7b7fc3d059659fae6f628c25 The OpenSSF Package Analysis project identified 'fundraiserserv' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in chai-parse (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e982bc5f531780656477d948f66ea8acd21d7a48da535ab8585599a21e6b358c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in sourceflow-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1699207dcb748d9894d27585d5e49f48e906eae167d75434c15cd15f1aeb5502 The OpenSSF Package Analysis project identified 'sourceflow-tracker' @ 99.91.9 npm as malicious. It is considered malicious because: - The packa...

MAL-2026-5166 Malicious code in sourceflow-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1699207dcb748d9894d27585d5e49f48e906eae167d75434c15cd15f1aeb5502 The OpenSSF Package Analysis project identified 'sourceflow-tracker' @ 99.91.9 npm as malicious. It is considered malicious because: - The packa...

Malicious code in page-info-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d4a2106922e9e3851658667cacaa2c2818cdb56cd0c4df6778c0cb7fbed2338e The OpenSSF Package Analysis project identified 'page-info-service' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...

Malicious code in po-ops-local-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ed7a024c524e1a4bc29e2670d7dc00e5aa4c6891650c3c6bf38a2f388f4a3cb9 The OpenSSF Package Analysis project identified 'po-ops-local-dev' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...

ROOT-APP-NPM-CVE-2022-46175 CVE-2022-46175 in @rootio/json5 - Patched by Root

Root has patched CVE-2022-46175 in the @rootio/json5 package for Root:npm. Multiple fixed versions available...

MAL-2026-5132 Malicious code in rookie-security-test-pkg (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1af47f1485c4c5bd3c6ee3cb7330781c1892ebc8bea1c59b0a0045c49ab8c93d The OpenSSF Package Analysis project identified 'rookie-security-test-pkg' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

MAL-2026-5124 Malicious code in @chat-template/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90c0b7addd5c00b1a582b2097be6020f543e892e5189b58bd0ba94d94e1e5056 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in nepsnowplow (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7e26395712f5003186b16919b17058dbc8d140aae9ab0dc20d5add9624cc35c6 The OpenSSF Package Analysis project identified 'nepsnowplow' @ 9999.0.0 npm as malicious. It is considered malicious because: - The package...

ROOT-APP-NPM-CVE-2026-23745 CVE-2026-23745 in @rootio/tar - Patched by Root

Root has patched CVE-2026-23745 in the @rootio/tar package for Root:npm. Multiple fixed versions available...