Malicious code in @doaction/auth (npm)
Source: amazon-inspector f96ec00bc5ed7192c8483a1b27f2212ce64e5a86f1dc309b66d14ea969de00fb @doaction/[email protected] is shaped as a public-registry shadow of a private internal package: scoped name pattern, inflated 99.99.99 version, and a...
Malicious code in @doaction/shared (npm)
Source: amazon-inspector caba10985bd532eb067af52e175856a72552c9b9306895ea9fba9c1083277248 @doaction/[email protected] is a dependency-confusion lure that exfiltrates installer environment metadata on every npm install. package.json declares...
Malicious code in @doaction/eventemitter (npm)
Source: amazon-inspector 5221b351f74900764906fd20a62e5c3f390473ed87a1d4fb781e34d3ffd2f623 On npm install, package.json declares "preinstall": "node scripts/postinstall.js", and scripts/preinstall.js unconditionally executes...
ROOT-APP-NPM-CVE-2026-29045 CVE-2026-29045 in @rootio/hono - Patched by Root
Root has patched CVE-2026-29045 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44902 CVE-2026-44902 in @rootio/opentelemetry__sdk-node - Patched by Root
Root has patched CVE-2026-44902 in the @rootio/opentelemetry__sdk-node package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-25896 CVE-2026-25896 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-25896 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-45740 CVE-2026-45740 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-45740 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44290 CVE-2026-44290 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-44290 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44289 CVE-2026-44289 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-44289 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
Malicious code in transacts (npm)
Source: ghsa-malware 73ecd84db15b18ea43f39e830199133ca8d17806313e4b6828a1d9105cc4b30c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview: transacts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification
A flaw was found in Forge (also called node-forge), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do n...
node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()
A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service (DoS). When the BigInteger.modInverse function is called with a zero value, it ente...
node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance
A flaw was found in Forge (also known as node-forge), a JavaScript implementation of Transport Layer Security (TLS). The pki.verifyCertificateChain function does not properly enforce certificate validation rules. This oversight allows an intermediate certificate that lacks specific security extension...
MAL-2026-5346 Malicious code in cookie-parser-legacy (npm)
Source: amazon-inspector 53a673e0454bb102d4e8456e3c26290196c5ae5bf4cf9438ce78f8286fd5c3be Package name and README impersonate the well-known cookie-parser Express middleware. The source is a near-verbatim copy of cookie-parser, except the...
MAL-2026-5348 Malicious code in os-ulid-void (npm)
Source: ghsa-malware 531ba01f5b5d2442cc8070ae6feec31976f9b67957fa3b0936c2cea7b6034b81 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @bancolonbia/menu-filter-widget-web (npm)
Source: amazon-inspector 76511e7873dc4a76b8447f91807e48289877ee612cd0d94526206390bbda7f3e package.json declares scripts.postinstall: node ./callback.js, which fires automatically on npm install. callback.js reads the installer's hostname an...
MAL-2026-5357 Malicious code in farming-tools-12 (npm)
Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+, same aicrypto-xzggg publisher and "Core utilities for blockchain development" description as swap-sdk-87/defi-tools-39. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env +...
MAL-2026-5354 Malicious code in defi-tools-39 (npm)
Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+, byte-identical to swap-sdk-87. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env + seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894...