MAL-2025-2060 Malicious code in subscriptionmgmtserv (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 68c14d2b0dcadceb26623b66d1383bf38d46b5b9cccee3619f1cfe8cef942f4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2017 Malicious code in aws-features-signin-proxy-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ce6c3acab744d13386f25fd9a0ea075cb42fcaf98c20bc4a279a88838fad81a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2018 Malicious code in calculated_members_message (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5529e99d26fab951551b850892343db8270230c71da1a8091e2bca79559e37f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1678 Malicious code in @sonahri51/orientation-change-end (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f4e5ffc2c48c12f6b36620be282c6ed94826d434430e8412d70a220d4719b366 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1658 Malicious code in skyflowelements (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 42e1dc8575c7a9a2643fe2f656ff55984aa3635881ed697991cf2bbf6479e2e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1654 Malicious code in nanovest-portal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17d16e1056fd5093195f09f1074b4a1e5832286639ad292adae94fb8fbb005eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1653 Malicious code in azure-sdk-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 479067c01646643f73d6f81188d5b155d76d985758485a7b0c6fe92326db09d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1652 Malicious code in doitoml (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c92ab9b950fef1f567faa52993a2c800c38e041919a32cd64538a9aef8ecb16 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1650 Malicious code in iff-root (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a57d0a13eebe99cec9bd319389850e2b8f5536100fa634811d521a13bd3b6c16 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1567 Malicious code in morganstanley.github.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware da18628bae17a4b84b5818efb61d96bb37f0cddacea85240fbf4856ff0340353 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1564 Malicious code in synapse-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f22e2f65543683192030203ce08eecf0c137c3bc94f711cf9dd5c143dd1bd19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1563 Malicious code in webbundle-plugins (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c94c458984a089f14be87d45c3ac4355e1ba06610c50abbcbb0f172160e5a38e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1559 Malicious code in react-native-wallet-sdk-demo-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca22a1a9bdc58e35b912072adf9e4737394ce3c10cbad067352953e093610bc3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1555 Malicious code in luno-cocoapods (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9bb59e6b577e1a28cf71bf254ef70a0641db3319c1985827f792edb51ea14493 The OpenSSF Package Analysis project identified 'luno-cocoapods' @ 2.8.0 rubygems as malicious. It is considered malicious because: - The packag...

MAL-2025-1524 Malicious code in main-branch-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8be08fa3cd592a6d15f6524eac04c1935a0fa11215c4143121b34e3a0de18e15 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1526 Malicious code in realtime-examples (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 30a419d00d6726fcd2d97dfde72e8d41922e2fe0a0179c77beae95f697990241 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1520 Malicious code in edubrite (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware baa18eab9661ff222643f21316f013ac3669e056c2bebc25e7db311de897222b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1515 Malicious code in @starkgate-v2/web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd18cb51b9bfc804c264ad648ce51fda4711022cb95ee99b35e70739222662ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1510 Malicious code in @visma-spcs-registry/react-common-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b825ada9ae1a47ba7b535f78569c691ddf561ab61c2f4839ed0edb11d91403ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1527 Malicious code in wdpr-ra-node-mpropz (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 06f859971691a195993b3391bbb8b6a83e269eb750856157e81f65d66c2625cf The OpenSSF Package Analysis project identified 'wdpr-ra-node-mpropz' @ 999.999.999 npm as malicious. It is considered malicious because: - The...