964 matches found
MAL-2024-1158 Malicious code in u-workflow.module.common.hour-of-week (npm)
Source: ghsa-malware fa993331c82ce09532f10dfb1eb3586e1a3343188c93733712aad7f47cb49539 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1155 Malicious code in createarrayfrommixed (npm)
Source: ossf-package-analysis b5b05e4d5d47ae77d4f4838cadeb6514d14c7b8affae381303aefe4746ea85e3 The OpenSSF Package Analysis project identified 'createarrayfrommixed' @ 1.9.1 npm as malicious. It is considered malicious because: - The packa...
MAL-2024-1186 Malicious code in types-for-adobe (PyPI)
Source: ossf-package-analysis 927dcbc233169c84ab7ef0e97232782f6bb821d476409cc6ccc8587995dabdc8 The OpenSSF Package Analysis project identified 'types-for-adobe' @ 99.3.9 pypi as malicious. It is considered malicious because: - The package...
MAL-2024-1179 Malicious code in region-optimizer (npm)
Source: ossf-package-analysis 257c0698203a7d5e178b36eb11760380fab35761c1c54cf601b5f404f170eb8e The OpenSSF Package Analysis project identified 'region-optimizer' @ 99.3.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in u-workflow.module.common.features (npm)
Source: ossf-package-analysis 43c063fa58fdcf0f64acc12e433390c9dc078ab6b6eb6dd773242db454f29a47 The OpenSSF Package Analysis project identified 'u-workflow.module.common.features' @ 1.0.1 npm as malicious. It is considered malicious because...
Malicious code in global-min-document (npm)
Source: ossf-package-analysis 5f31926381530898f76c33bf3a3941e4c37e5866d33fbe1501baa831b6822165 The OpenSSF Package Analysis project identified 'global-min-document' @ 999999999.99.9 npm as malicious. It is considered malicious because: - T...
MAL-2024-1066 Malicious code in dropdownformfield (npm)
Source: ghsa-malware 2713d5570c40f202d4baa70c5d4b4a5ded51d6375ab052be5eb0a89de9d3e153 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1061 Malicious code in unity-httpclient (npm)
Source: ghsa-malware 0977626ba11b5a72288f3676902a548d2ea29143cc48b35243974ae95e6c68f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1058 Malicious code in jaas-jwt (npm)
Source: ghsa-malware 9e138921f13c1e6284e20c35908236f156dedf323860b924ccdfda713eb03b8a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ent-profile-api-client (npm)
Source: ossf-package-analysis f9c39ae8dadaf1b8ac82e8e1f7b312d04c58cb2a208ba535221cae3bac7ae787 The OpenSSF Package Analysis project identified 'ent-profile-api-client' @ 9.3.1 npm as malicious. It is considered malicious because: - The...
MAL-2024-1021 Malicious code in analysis-shared-utils (npm)
Source: ghsa-malware 6b5ec306ddd836199e002421ad6971e233057a594e310d51a70904ca62a8ce9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1011 Malicious code in lol-huy (npm)
Source: ossf-package-analysis 762379a17b4068ddffc2ae82540c61d7e765f81b580f0cddfb5b895b974f1e2a The OpenSSF Package Analysis project identified 'lol-huy' @ 11230000951.0.8 npm as malicious. It is considered malicious because: - The package...
CISA and OpenSSF Release Framework for Package Repository Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it's partnering with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish a new framework to secure package repositories. Called the Principles for Package Repository...
CISA Partners With OpenSSF Securing Software Repositories Working Group to Release Principles for Package Repository Security
Today, CISA partnered with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish the Principles for Package Repository Security framework. Recognizing the critical role package repositories play in securing open source software...
MAL-2024-993 Malicious code in privdel (npm)
Source: ossf-package-analysis edd03ccc68c5b01bcfcb939f4794749d8c8a797d45611b86636883add7bb5b44 The OpenSSF Package Analysis project identified 'privdel' @ 1.999.0 npm as malicious. It is considered malicious because: - The package executes...
MAL-2024-975 Malicious code in @bughunter0007/packages-analytics (npm)
Source: ossf-package-analysis d7917dfb8691c19dbb896a26b03004bfa6ac280745ce23f44939f929faffbc94 The OpenSSF Package Analysis project identified '@bughunter0007/packages-analytics' @ 1.2.2 npm as malicious. It is considered malicious because...
MAL-2024-976 Malicious code in discord.js-commandv14 (npm)
Source: ossf-package-analysis 126e742ca73d1c4cdf2ec98e46c96cef6f7c92d341e8c71305b73c0fcfdb69e9 The OpenSSF Package Analysis project identified 'discord.js-commandv14' @ 1.0.0 npm as malicious. It is considered malicious because: - The...
Malicious code in @ssr-frontend/packages-analytics (npm)
Source: ghsa-malware 17a895de36109204be95b9aba4154cc6414897889ce21aed3bfa4f0a304b3453 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-957 Malicious code in ccl-modal (npm)
Source: ossf-package-analysis 39e730f4f56209fb93dff1d5b08b4aef3031c600f8402df5d61b00e9f19a41e0 The OpenSSF Package Analysis project identified 'ccl-modal' @ 2.3.0 npm as malicious. It is considered malicious because: - The package...