964 matches found
MAL-2025-3296 Malicious code in @template-builder/iframe-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d449b73ecd5ceb50edae265044e9523e1608eafa7389e2e46f139ea57a4e37aa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3295 Malicious code in bvr-api (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ed2a0f9c584ecfcffc1c76619a1637559d1d8771f78e1d3655f819f7fff67962 The OpenSSF Package Analysis project identified 'bvr-api' @ 0.3.12 rubygems as malicious. It is considered malicious because: - The package...
MAL-2025-3279 Malicious code in sprocket-webapp-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f5d57baf1c9d4921b97830956bc52be3915cbc7653c64569768d18c5583c845a The OpenSSF Package Analysis project identified 'sprocket-webapp-poc' @ 99.99.99 npm as malicious. It is considered malicious because: - The...
MAL-2025-3268 Malicious code in arubaiothubdemoapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 876ff25e0242422681fb71c6ba92f36b79e0584103fae49a5bffdd959497485b The OpenSSF Package Analysis project identified 'arubaiothubdemoapp' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
SUSE-SU-2025:1201-1 Security update for expat
This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavi...
MAL-2025-3174 Malicious code in typesense-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 490e72092d3e2b725ff92c6b8bb87fb850509bdd1abbead8e8cb9427a4d92bcd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3176 Malicious code in @n37scancp/highlight.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 944af106fc0b2a334ed1ab4fb6784a0b2cc01e5f795b1de3449b8deaf6560b50 The OpenSSF Package Analysis project identified '@n37scancp/highlight.js' @ 11.11.12 npm as malicious. It is considered malicious because: - The...
MAL-2025-3136 Malicious code in clarunit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aecdc65ad87798f6243b3d284367e755b52beb5eef68fcc0ca08b0b802230643 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3132 Malicious code in internal-utils-bronxi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3b060b166dc77a08c11be2e3aae8d81e5f55f83f1838197b6332c9caf1ed3540 The OpenSSF Package Analysis project identified 'internal-utils-bronxi' @ 100.0.0 npm as malicious. It is considered malicious because: - The...
MAL-2025-3130 Malicious code in @oldzeppelin/contract (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59936093e10e486bceef6e021a4ca771a2996cf612a809e2bea28243348f8968 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3129 Malicious code in scrt-www (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c3dc483e4a4005db4d3a5ec2f2b2e8d63aa5b8258510f483ce9d4c7351b2c84 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3128 Malicious code in @fraudprevention/device-intelligence (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4499ba2c16cf02f2e12c45bba95e21bd588726f331f7a7a7f8eecfbb0369cafc The OpenSSF Package Analysis project identified '@fraudprevention/device-intelligence' @ 100.99.100 npm as malicious. It is considered malicious...
MAL-2025-3086 Malicious code in r5-zknet-wallet (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 070dfd4d90ed4eb9d2cd623b84d76f1b2cf1fcfd6bb9704350773e5344446c94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3022 Malicious code in pocketnet (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73c905c72824fcd244dfaaa2732a81deabf6f59b88d5c95e9d513fd1dd8f5a22 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2807 Malicious code in @sas-dvr/nova-graph (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2ee49dd296a0db13b0118e5424d00aac99ea70cc3664bba504af096916e31998 The OpenSSF Package Analysis project identified '@sas-dvr/nova-graph' @ 132.0.0 npm as malicious. It is considered malicious because: - The...
MAL-2025-2799 Malicious code in sony-liv-smarttv (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 61696a41d9c61203ebde9adcecf521e954619c6273e75d9da24c9f402aaeb603 The OpenSSF Package Analysis project identified 'sony-liv-smarttv' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-2795 Malicious code in @nationalgeographicsociety/ngsui-header (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d937ed5f0de34fc1491db77a6b046ff477eb03286b9c49541ae1250170651eb0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2792 Malicious code in bugbounty208-test-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5012a09f4c2283a7df00a99f643af1a87adbef671a39e6569188a3bcdced87e8 The OpenSSF Package Analysis project identified 'bugbounty208-test-package' @ 1.0.1 npm as malicious. It is considered malicious because: - The...
MAL-2025-2623 Malicious code in corehome (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 835efaf181707862582cf58938ea26bb25e18a1d228269a42b58f12d1c250ca7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2624 Malicious code in codex-cipher (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ce020b1fc0f9d126255429ca44d4407527446d2650c546670d79bc9c84056cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...