664 matches found
MAL-2024-1398 Malicious code in drata (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 646cbea8c3285f55f7f26b096cd9a63f91fdf4c4b06370aa92226ea3316bebba The OpenSSF Package Analysis project identified 'drata' @ 1.0.0 npm as malicious. It is considered malicious because: - The package communicates...
MAL-2024-1390 Malicious code in hello-1st-anni (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7324e12f4247915474315b0c6446c86c97ef20bca17e3baa9b31478fc7e612d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1341 Malicious code in dependency_confusion123 (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d4d13afb7306711deba7679787e9c867a3285ab9deabbf0d1efcf452427cd004 The OpenSSF Package Analysis project identified 'dependencyconfusion123' @ 9.9.9 rubygems as malicious. It is considered malicious because: - Th...
MAL-2024-1333 Malicious code in threadxpools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 41a0be6e9aa8db3965bae9f646d47ad6cb85ac9600c8bd71358409062b8fe105 The OpenSSF Package Analysis project identified 'threadxpools' @ 1.2 pypi as malicious. It is considered malicious because: - The package...
MAL-2024-1330 Malicious code in elk-uikit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis aaece47ca73a2646b0cb728b7816026ec3135f48e18054950dce89f8bf9073b0 The OpenSSF Package Analysis project identified 'elk-uikit' @ 99.99.1 npm as malicious. It is considered malicious because: - The package execut...
MAL-2024-1313 Malicious code in not-exist-lykos-poc2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9fdf307a333300d88cdb5031c5f135a2fe51e2a01d4db763c2d1457111ce9fe4 The OpenSSF Package Analysis project identified 'not-exist-lykos-poc2' @ 66.6.9 npm as malicious. It is considered malicious because: - The...
Malicious code in discord.js-hex (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 015a5d02bee306302c82f2de4541e008c6ebcc61804819bf894aac181a1c9eac The OpenSSF Package Analysis project identified 'discord.js-hex' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
MAL-2024-1274 Malicious code in ui-common-components-angular (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c0d823ab954cd19f85bb933d25f8230386023a6a1fd15430efce0298f6a25aa9 The OpenSSF Package Analysis project identified 'ui-common-components-angular' @ 1.3.1 npm as malicious. It is considered malicious because: - T...
MAL-2024-1198 Malicious code in locus-website (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ae618c99394568c62b082d0c55c5da01da065e9ad01343f5737caf05685612b8 The OpenSSF Package Analysis project identified 'locus-website' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
MAL-2024-1155 Malicious code in createarrayfrommixed (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b5b05e4d5d47ae77d4f4838cadeb6514d14c7b8affae381303aefe4746ea85e3 The OpenSSF Package Analysis project identified 'createarrayfrommixed' @ 1.9.1 npm as malicious. It is considered malicious because: - The packa...
MAL-2024-1186 Malicious code in types-for-adobe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 927dcbc233169c84ab7ef0e97232782f6bb821d476409cc6ccc8587995dabdc8 The OpenSSF Package Analysis project identified 'types-for-adobe' @ 99.3.9 pypi as malicious. It is considered malicious because: - The package...
MAL-2024-1179 Malicious code in region-optimizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 257c0698203a7d5e178b36eb11760380fab35761c1c54cf601b5f404f170eb8e The OpenSSF Package Analysis project identified 'region-optimizer' @ 99.3.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in global-min-document (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5f31926381530898f76c33bf3a3941e4c37e5866d33fbe1501baa831b6822165 The OpenSSF Package Analysis project identified 'global-min-document' @ 999999999.99.9 npm as malicious. It is considered malicious because: - T...
MAL-2024-1066 Malicious code in dropdownformfield (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2713d5570c40f202d4baa70c5d4b4a5ded51d6375ab052be5eb0a89de9d3e153 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1061 Malicious code in unity-httpclient (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0977626ba11b5a72288f3676902a548d2ea29143cc48b35243974ae95e6c68f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1058 Malicious code in jaas-jwt (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e138921f13c1e6284e20c35908236f156dedf323860b924ccdfda713eb03b8a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ent-profile-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f9c39ae8dadaf1b8ac82e8e1f7b312d04c58cb2a208ba535221cae3bac7ae787 The OpenSSF Package Analysis project identified 'ent-profile-api-client' @ 9.3.1 npm as malicious. It is considered malicious because: - The...
MAL-2024-993 Malicious code in privdel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis edd03ccc68c5b01bcfcb939f4794749d8c8a797d45611b86636883add7bb5b44 The OpenSSF Package Analysis project identified 'privdel' @ 1.999.0 npm as malicious. It is considered malicious because: - The package executes...
MAL-2024-975 Malicious code in @bughunter0007/packages-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d7917dfb8691c19dbb896a26b03004bfa6ac280745ce23f44939f929faffbc94 The OpenSSF Package Analysis project identified '@bughunter0007/packages-analytics' @ 1.2.2 npm as malicious. It is considered malicious because...
MAL-2024-957 Malicious code in ccl-modal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 39e730f4f56209fb93dff1d5b08b4aef3031c600f8402df5d61b00e9f19a41e0 The OpenSSF Package Analysis project identified 'ccl-modal' @ 2.3.0 npm as malicious. It is considered malicious because: - The package...