664 matches found
MAL-2025-6805 Malicious code in nodejs-with-singlestore-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2dfae81e2129cf717fbae5a22ecd1938d1ea741de0968e42d5363363d6ea2dfe The OpenSSF Package Analysis project identified 'nodejs-with-singlestore-demo' @ 1002.0.1 npm as malicious. It is considered malicious because: ...
MAL-2025-6798 Malicious code in google-webfonts-helper (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ba7d8c4c4151033fdccecb7ed439075f6c8eb39490462dd7b25aac68d2a22482 The OpenSSF Package Analysis project identified...
MAL-2025-6796 Malicious code in lynx-libs-mono (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7dcde725ba12b559bfd1e62b8d6058ced4b0a5ed11b9f168f8f6f576b42ef801 The OpenSSF Package Analysis project identified 'lynx-libs-mono' @ 1.0.10 npm as malicious. It is considered malicious because: - The package...
Malicious code in htmlcontent (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4aa1c1ab3630fc2aad076dcc5fd9b2205ba7e1079410b1de1b6a757690fdd2b1 The OpenSSF Package Analysis project identified 'htmlcontent' @ 3.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6792 Malicious code in htmlcontent (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4aa1c1ab3630fc2aad076dcc5fd9b2205ba7e1079410b1de1b6a757690fdd2b1 The OpenSSF Package Analysis project identified 'htmlcontent' @ 3.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6791 Malicious code in powerbi-visuals-powerkpi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1708aa2b758d41b3666672f4afb039a73cdfa12345a815feb095ca94f0fcf900 The OpenSSF Package Analysis project identified 'powerbi-visuals-powerkpi' @ 9.0.1 npm as malicious. It is considered malicious because: - The...
MAL-2025-6700 Malicious code in bp-console-fe-sg (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 521bbcab75dfeaca681fe4eedeb12dcfbe52f54514441c4c397cf234030ca4e1 The OpenSSF Package Analysis project identified 'bp-console-fe-sg' @...
MAL-2025-6676 Malicious code in undeface-test-2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 69c9b501034a030dc669fcc1ae2026db2508367cac00b2b2b7e4d8df0a78ad7e The OpenSSF Package Analysis project identified 'undeface-test-2' @ 9.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6737 Malicious code in newrelic-scheduler (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 283d0b11edc13929f769d9072e403ef35901c2c26167edbfadb2573cbadaa850 The OpenSSF Package Analysis project identified 'newrelic-scheduler' ...
MAL-2025-6674 Malicious code in undeface-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cb90f4f82fed4d59ca2dcb3a39b4b93866778f4f52ae780393bdcf08e389be03 The OpenSSF Package Analysis project identified 'undeface-test' @ 9.9.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6673 Malicious code in cerberux (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5695d0b2f501364a21975ae94641cd4afe53e8728199b018ebcea405011d9485 The OpenSSF Package Analysis project identified 'cerberux' @ 3.0.0 np...
MAL-2025-6671 Malicious code in @usaa-grp-payments-web-experience/bk-acknowledge-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b56c4b39f3ee1932940e85cef9f0071fc46b948628c13f5588bd484de40ab42d The OpenSSF Package Analysis project identified '@usaa-grp-payments-web-experience/bk-acknowledge-module' @ 2.9.11 npm as malicious. It is...
MAL-2025-6385 Malicious code in icare (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5ef3fd9f7c979ad17316b55bd4b33311a8afc4966f82955133c709fef2b53e84 The OpenSSF Package Analysis project identified 'icare' @ 1.0.0 rubygems as malicious. It is considered malicious because: - The package...
MAL-2025-6753 Malicious code in rca-url-adaptator (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8a4c404a67ab59319cbe0468f8814fdb2d770576ff6c1e58b816b178705447f3 The OpenSSF Package Analysis project identified 'rca-url-adaptator' @...
MAL-2025-6787 Malicious code in flatfox-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c1abb243ceb7b5b94ca2f950d7cf27838ad4c22bc9771a0ea878af5497bfebf2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-6348 Malicious code in resource_registry (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 97ad7e4a2d8c7feaee7f61db0f1f57c90f92b4f92d6ca258fef4bc5f5107666d The OpenSSF Package Analysis project identified 'resourceregistry' @ 1.0.22 rubygems as malicious. It is considered malicious because: - The...
MAL-2025-6337 Malicious code in @xcxcxxx/gsap3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dca541d25bf831300b7d0993132672911b4c5d12c94e73218858e5a6d458af4a The OpenSSF Package Analysis project identified '@xcxcxxx/gsap3' @ 99.10.90 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6336 Malicious code in testing123kk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bebd39f4de86af5e9634fbfda5f8c97794b597b1066c2fcd32e3a2068569280d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-6329 Malicious code in momentjs-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f28c9895f79a0a36ce23a5aa43824f3819d75b0736b6650523b5f4dc6aa0babd The OpenSSF Package Analysis project identified 'momentjs-poc' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6255 Malicious code in redux-probe-unknown-action-rce (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d273d8be87dc1aaa71222024d9f545d4ec9bde08234f27b0c9c81f6dd8c86721 The OpenSSF Package Analysis project identified...