138 matches found
Malicious code in @flight-common/models (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c5af2423bce8f82ab3bebfecba472bdcc04805388481ec19e96c245ca48ccd3b The OpenSSF Package Analysis project identified '@flight-common/models' @ 1.2.9213 npm as malicious. It is considered malicious because: - The...
MAL-2025-42122 Malicious code in @flight-common/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 10b5cb816f030297707c6e9ae79f7916de698fd58c8b068b18ef716c7425240b The OpenSSF Package Analysis project identified '@flight-common/components' @ 1.2.9213 npm as malicious. It is considered malicious because: - T...
Malicious code in @navancorp/ta-travel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 475cb3266e9f473c951bb35f87e31b76f08d312ee1916977eb7a125f339f7b7a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @navify-platform/i18n (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 306d60012db44c48b4e577372019b8171e2eb15c6cfb80a9c1e5eb7df32149de The OpenSSF Package Analysis project identified '@navify-platform/i18n' @ 1.2.0 npm as malicious. It is considered malicious because: - The...
MAL-2025-6328 Malicious code in triple-equals (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d65cc69dec9f320438a4209e4c952480d78b96c779a019b6a09c04499b9e3edc When imported, the package attempts to exfiltrate environment variables and basic user info --- Category: MALICIOUS - The campaign has clearly malicious intent...
MAL-2025-6327 Malicious code in react-nodes (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8f859f678cb85445cc8d486c034c1a9de313c92e4485d8dc546bab5be2823b71 The OpenSSF Package Analysis project identified 'react-nodes' @ 4.0.1 npm as malicious. It is considered malicious because: - The package execut...
MAL-2025-6321 Malicious code in ui-data-layer (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8a48f1cd7920a46266b710e80c45543e765af5de9e2944c114bf249efe69ce17 The OpenSSF Package Analysis project identified 'ui-data-layer' @...
MAL-2025-6224 Malicious code in google-protobuf-conformance (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c56504427d8d150c02bac6d80c813025eafa11c3ed21419e5a3ce13a6c11ca6 Any computer that has this package installed or running should be considered...
Malicious code in workspace-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6337f633e71ac4bbdd2541a6ff172f67246451a691838940e3578c7c7ba4ee18 The OpenSSF Package Analysis project identified 'workspace-loader' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6212 Malicious code in prospects (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c3937cc0353b0952f14ff2d9e68216f857e4ffc01f688f600948c6d1b234915a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5762 Malicious code in vault-wallet-toolkit (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 038f9aa24c411c91137d75c5519d3628da39a251c2a955d2b651748359a746f0 Any computer that has this package installed or running should be considered...
MAL-2025-5624 Malicious code in cmr-graphql (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b805bd73c447ee03b3330e1a1ce27c4b8edef17d58376cd0a35c151f7c1250a0 Any computer that has this package installed or running should be considered...
MAL-2025-5538 Malicious code in k6-studio (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7b163d493761fa12ed8094157415651ec1b22824f021a7483637346825e08cca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5306 Malicious code in maybe-i-would-like-a-banana (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 662fcbfd490d5409f2a17a156785c7d82b81e2c57e0c67d1ae701ccf49fff1b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5298 Malicious code in prototype-poisoning-package (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb7e50b04c4ffcf207fdb21b54873ca1488fe7dd526b90c1206bc830af9b111b Any computer that has this package installed or running should be considered...
MAL-2025-5271 Malicious code in magewire (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b5673177c3d8b559cc2235b1593c2c06131afd64553497997b2ab2664fc4e9fe The OpenSSF Package Analysis project identified 'magewire' @ 99.99.2...
MAL-2025-5269 Malicious code in fooldependgcbk8x (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 40edfccd147dc478664b7c35428ddcc41628c4bd8d11341b39de5092cf1ed958 The OpenSSF Package Analysis project identified 'fooldependgcbk8x' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-5211 Malicious code in cro-pricing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ad3153abfc5098f205551190f8a491deda5c4b47c00a18ed66800ef238c6b78d The OpenSSF Package Analysis project identified 'cro-pricing' @ 1.0.8 npm as malicious. It is considered malicious because: - The package...
MAL-2025-4623 Malicious code in helloworldmyworld (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ea11c9b6eb65ebdd9deee023e1154599bc86dce39350a49b2589c88f7dce2b31 The OpenSSF Package Analysis project identified 'helloworldmyworld' @ 1.999.2 npm as malicious. It is considered malicious because: - The packag...
MAL-2025-4609 Malicious code in moorkh_hai_tu (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3c9a195959b550bee1eca57f930d21864f781bd0d6be4f65b19ac06c4088570e The OpenSSF Package Analysis project identified 'moorkhhaitu' @ 1.2.0 npm as malicious. It is considered malicious because: - The package...