MAL-2025-4670 Malicious code in world-id-lens-dapp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d27d63976b7108297f8d9a29062b3add9973c83849fd5ab7cd8fbd31b0248701 The OpenSSF Package Analysis project identified 'world-id-lens-dapp' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2025-4624 Malicious code in inter-frontend-svgs (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cef0c87cb238b6a66e63b6ede215bd1d867b47ff3bcad84258647d55c810c520 The OpenSSF Package Analysis project identified 'inter-frontend-svgs'...

MAL-2025-4622 Malicious code in bombombombom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4feeabe972dbf8a97f4ab7dc12a732e46cb7ac49559cccdb432dc3513b3f6c38 The OpenSSF Package Analysis project identified 'bombombombom' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2025-4623 Malicious code in helloworldmyworld (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ea11c9b6eb65ebdd9deee023e1154599bc86dce39350a49b2589c88f7dce2b31 The OpenSSF Package Analysis project identified 'helloworldmyworld' @ 1.999.2 npm as malicious. It is considered malicious because: - The packag...

Malicious code in moorkh_hai_tu (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3c9a195959b550bee1eca57f930d21864f781bd0d6be4f65b19ac06c4088570e The OpenSSF Package Analysis project identified 'moorkhhaitu' @ 1.2.0 npm as malicious. It is considered malicious because: - The package...

MAL-2025-4609 Malicious code in moorkh_hai_tu (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3c9a195959b550bee1eca57f930d21864f781bd0d6be4f65b19ac06c4088570e The OpenSSF Package Analysis project identified 'moorkhhaitu' @ 1.2.0 npm as malicious. It is considered malicious because: - The package...

MAL-2025-4610 Malicious code in shiva_rrrraaaaooo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f76f9821127e0fdeb967db2d6c2e889b5e80f28e6bd4083e93266f5d8f4fc136 The OpenSSF Package Analysis project identified 'shivarrrraaaaooo' @ 1.1.3 npm as malicious. It is considered malicious because: - The package...

MAL-2025-4618 Malicious code in @seo-frontend-components/blog-schema (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 38bc78437090a04d89a5116ac7ad94f3821cfd50c08d81f48528c53e26b6da96 The OpenSSF Package Analysis project identified '@seo-frontend-components/blog-schema' @ 1.999.0 npm as malicious. It is considered malicious...

MAL-2025-4619 Malicious code in @seo-frontend-components/card-blog-carousel (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1cfcc9a2754a9e96e7bfd7f7c78281a5016b48feeaa8c61f782bcab5dbe4ae8e The OpenSSF Package Analysis project identified '@seo-frontend-components/card-blog-carousel' @ 1.999.0 npm as malicious. It is considered...

MAL-2025-4621 Malicious code in @seo-frontend-components/card-blog-entry (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 12425fa8db62cc4b037b603cc3bd493ff000753ccaaa641ff23788b57484698d The OpenSSF Package Analysis project identified '@seo-frontend-components/card-blog-entry' @ 1.999.0 npm as malicious. It is considered maliciou...

MAL-2025-4526 Malicious code in caixaequ2ahzoop (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 da1d699d5d12de135ae0da4180622e30084a77fd76ee5cd36fe5667ce14c4bbe Obfuscated code gets a command from the remote target and executes it. At the time of the test, it was just "whoami". Thus, it's rather just an experiment ---...

MAL-2025-4424 Malicious code in @cat-ecom/pcc-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 96cbe81d68d4bf1046012598de37b5dcef6f28b3ce01653ab29b3405b359d30e The OpenSSF Package Analysis project identified '@cat-ecom/pcc-components' @ 99.99.99 npm as malicious. It is considered malicious because: - Th...

MAL-2025-4049 Malicious code in firewall-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 92cc8ed6f0d570590a25cc6c93d064bebfa016cbcfaff77af986af49bfcda624 The OpenSSF Package Analysis project identified 'firewall-node' @ 100.101.1337 npm as malicious. It is considered malicious because: - The packa...

MAL-2025-4044 Malicious code in ort-web-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3e179ffca16c7ee28162f57656f14612c34005f447e5f557edc742a4dd9120e6 The OpenSSF Package Analysis project identified 'ort-web-template' @ 100.100.1337 npm as malicious. It is considered malicious because: - The...

MAL-2025-4045 Malicious code in service-catalog-copilot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 89c9b90298ed452d812eb4374f8dc339318c0a084a64157722e7b733416fa131 The OpenSSF Package Analysis project identified 'service-catalog-copilot' @ 100.11.1337 npm as malicious. It is considered malicious because: -...

Malicious code in service-catalog-copilot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 89c9b90298ed452d812eb4374f8dc339318c0a084a64157722e7b733416fa131 The OpenSSF Package Analysis project identified 'service-catalog-copilot' @ 100.11.1337 npm as malicious. It is considered malicious because: -...

MAL-2025-4046 Malicious code in trusted-firmware-a (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3a6dc31ad91aec1f31822d8aced35d9645371c5e0194f3a4b7627a6753955769 The OpenSSF Package Analysis project identified 'trusted-firmware-a' @ 100.11.1337 npm as malicious. It is considered malicious because: - The...

MAL-2025-4047 Malicious code in wallet1-options (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 152e4326d8826107e6c4706758de644f8ac9a9785cd68f6f655461fd59016682 The OpenSSF Package Analysis project identified 'wallet1-options' @ 100.0.4 npm as malicious. It is considered malicious because: - The package...

MAL-2025-4043 Malicious code in fireblocks-netlink-v2-api-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 482068c6f9b5d8fd2076ed53124eac7c2d6c5e4237390c3280188cfaa7ad6554 The OpenSSF Package Analysis project identified 'fireblocks-netlink-v2-api-validator' @ 2.0.2 npm as malicious. It is considered malicious...

Malicious code in examples-formic (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 074e879e97761583a22531a3d4f917977ac387e40c36bc5eb35e3f4b367db196 The OpenSSF Package Analysis project identified 'examples-formic' @ 100.0.2 npm as malicious. It is considered malicious because: - The package...