138 matches found
MAL-2025-550 Malicious code in meli-connect (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 51bcf8ede43a6fd8fa810529ae2d62e97197165ba94b7d41c8b58e3607d39551 The OpenSSF Package Analysis project identified 'meli-connect' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in lyft-checkout (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a21aaa2acd24b74ce7634bafecd7bc3e4f9508ef8062d748fb284d79f0661619 The OpenSSF Package Analysis project identified 'lyft-checkout' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in iberia-cloud (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 76236526e0b25dc5788673d125888692300a1525e1a3dbe859ae6fba9eb218c0 The OpenSSF Package Analysis project identified 'iberia-cloud' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-465 Malicious code in godaddy-gateway (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6f21fb49728a4ef317de91c2a734d9359b8e9a908f8b526a68a3435476243a33 The OpenSSF Package Analysis project identified 'godaddy-gateway' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in dropbox-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9caae36a2824571fd25ea7bbd865ce6077410002b5011e825d2877095d171a40 The OpenSSF Package Analysis project identified 'dropbox-utils' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in dropbox-oauth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 354ecda67f801f9b4cc23fae184e1fd2632d0c6970bb7d4190c00c514816a80f The OpenSSF Package Analysis project identified 'dropbox-oauth' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-410 Malicious code in bookingcom-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f3efaad9e12b23a4ec5230344045108f961982d137157a29edb1283679f35031 The OpenSSF Package Analysis project identified 'bookingcom-tools' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-134 Malicious code in dbximgs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3a752546905d1373f7b092a98454b7ca4e820bebecb1af358ce0a6a72fa9a1e8 The OpenSSF Package Analysis project identified 'dbximgs' @ 2.0.0 npm as malicious. It is considered malicious because: - The package communicat...
Malicious code in yb2bacceleratorstorefront-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7d6b9ec48a872ef195c69f3ecee359b142d1f9bb683a236c67a0c96876efafd0 The OpenSSF Package Analysis project identified 'yb2bacceleratorstorefront-web' @ 1.0.0 npm as malicious. It is considered malicious because: -...
MAL-2024-11929 Malicious code in @rrvis/ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis feaaf40ea5d1af97c31051295c594dc2344a3337d6b9aba3e9ae1ed6451001f0 The OpenSSF Package Analysis project identified '@rrvis/ui' @ 99.99.2 npm as malicious. It is considered malicious because: - The package...
Malicious code in yir-image-gen (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6cf1af517e2c58b4cae223cb5d746eed91636fca7b9843a427577a641e12a0f7 The OpenSSF Package Analysis project identified 'yir-image-gen' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-11881 Malicious code in pokedex-vue3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 23c03b4e03986cba75894fb0016bc2e1feb0c72ef2c06287030498b8f7a48ea1 The OpenSSF Package Analysis project identified 'pokedex-vue3' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-11849 Malicious code in 000webhost-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ebaa53f52123e742b45f9522b1d34050c780aef52753f43915cab93f159243d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11793 Malicious code in dextester123 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a26d87ee78544b18671f34fdbfc2bb566d83d78f917c88958141e6c335ba9242 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @infoserver/gov-shared-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5b54fde6a5995ffcf57ff5e926b8e0ddb11018b6a6107970a724342f83745df0 The OpenSSF Package Analysis project identified '@infoserver/gov-shared-ui' @ 21.2.15 npm as malicious. It is considered malicious because: - Th...
MAL-2024-11813 Malicious code in @flutteruki-gaming/test-eslint-config-flutteruki-gaming (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2c8795f39ff812b69cf386eed8d41a525c823915d4a6a4eba553c30c637f9af7 The OpenSSF Package Analysis project identified '@flutteruki-gaming/test-eslint-config-flutteruki-gaming' @ 1.6.2 npm as malicious. It is...
MAL-2024-11776 Malicious code in spot-admin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5266209798ebafe67e3827752a8025acd7d54406e99400930929aee0c6b8e862 The OpenSSF Package Analysis project identified 'spot-admin' @ 0.0.2 npm as malicious. It is considered malicious because: - The package execute...
MAL-2024-11244 Malicious code in nextcloud2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0849e0cda274c845158689c282bae36877b598c0a3e458b2e44243c3acd542d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11222 Malicious code in prettier-v3-for-testing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 522c1e741b8482af7e3577e20c83b8e29a0f217b9c951d0e815e5c01af165408 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in spinal-core-connectorjs_type (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3451f756dd259cb0c2c30ea5f39c2d4a80eef529d40a35beafd582ce7d01420 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...