964 matches found
MAL-2023-8500 Malicious code in @atea/warranty-form (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b073b818c3493a216e9d334b7f02042f6dbf9b7cea8bbf563b07b5af22952bb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in frontend-proctor-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7c6de6a72e79dd5f6e54f1f9659918eeecd369c8ef58849ca2e6dbd611c5ad9d The OpenSSF Package Analysis project identified 'frontend-proctor-utils' @ 4.2.8 npm as malicious. It is considered malicious because: - The...
MAL-2023-8486 Malicious code in @zscaler/ec-domain (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 31bceaac08bb6d621ea722590b8ba815799a6af81cc537fa0796ea7983b0f1d2 The OpenSSF Package Analysis project identified '@zscaler/ec-domain' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
slsa-verifier vulnerable to improper validation of npm's publish attestations
Summary slsa-verifier attestationstampered.json 5. SLSA_VERIFIER_EXPERIMENTAL=1 slsa-verifier verify-npm-package supreme-goggles.tgz --attestations-path attestationstampered.json --builder-id "https://github.com/actions/runner/github-hosted" --package-name "@trishankatdatadog/supreme-goggles"...
GHSA-R2XV-VPR2-42M9 slsa-verifier vulnerable to improper validation of npm's publish attestations
Summary slsa-verifier attestationstampered.json 5. SLSA_VERIFIER_EXPERIMENTAL=1 slsa-verifier verify-npm-package supreme-goggles.tgz --attestations-path attestationstampered.json --builder-id "https://github.com/actions/runner/github-hosted" --package-name "@trishankatdatadog/supreme-goggles"...
MAL-2023-8413 Malicious code in xterm-addon-unicode-graphemes (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1e517091262ed409fb53011792754e279673a300f5e9abf2377eec73ed814f9c The OpenSSF Package Analysis project identified 'xterm-addon-unicode-graphemes' @ 6.0.6 npm as malicious. It is considered malicious because: -...
Malicious code in fadam-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 02e81c60df4cba570ba561c45c4e1f48fe798f16078ef1a7c2c601cdb3edf1f7 The OpenSSF Package Analysis project identified 'fadam-frontend' @ 101.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2023-8398 Malicious code in @tpci/i18next-ext (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 14a4fd8041934f617af9e84fb00ca939b961316d3d7b9519c286dd93035801c8 The OpenSSF Package Analysis project identified '@tpci/i18next-ext' @ 1.6.0 npm as malicious. It is considered malicious because: - The package...
MAL-2023-8399 Malicious code in fbdebug (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2edf3045263e059e2b1599655b25cc167abecc4d1e77e5e7e8d62998b0fd9e18 The OpenSSF Package Analysis project identified 'fbdebug' @ 0.1 pypi as malicious. It is considered malicious because: - The package communicate...
MAL-2023-8391 Malicious code in @banana-cake-pop/data (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 62a20ff9ddb55a8de5c7bffe9455b25f0fca2223207e80cf7b9d7993bd02db12 The OpenSSF Package Analysis project identified '@banana-cake-pop/data' @ 1.9.10 npm as malicious. It is considered malicious because: - The...
MAL-2023-8390 Malicious code in @syska/aca-gui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c3f4460092e1b289ec60a15ed80e3a418d95fc95a42072bc38a787c9db2f5cf1 The OpenSSF Package Analysis project identified '@syska/aca-gui' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...
OpenSSF Launches Malicious Packages Repository
By Waqas. The launch of the Malicious Packages repository comes at a time when cyberattacks, leveraging malicious open source packages, are on the rise. This is a post from HackRead.com. Read the original post: OpenSSF Launches Malicious Packages Repository...
MAL-2023-8380 Malicious code in xsolla-login-js-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b87428f045bf2e5db5eadeb9cb89e2b190e6c62c05e563676d28d6baaa91c631 The OpenSSF Package Analysis project identified 'xsolla-login-js-sdk' @ 4.0.0 npm as malicious. It is considered malicious because: - The packag...
MAL-2023-8311 Malicious code in cohort_sdk_js-darwin-x64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis abc50fadc1925fd27cf2d8f5e59cfe3992cf481db078f520b50ded4fc10f43c4 The OpenSSF Package Analysis project identified 'cohort_sdk_js-darwin-x64' @ 1.0.1 npm as malicious. It is considered malicious because: - The...
MAL-2023-8310 Malicious code in cephlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f82a5ba62b790856947d686397170162bf743b168fd9d66008ed6501b465d5af The OpenSSF Package Analysis project identified 'cephlib' @ 0.0.2 pypi as malicious. It is considered malicious because: - The package...
MAL-2023-8308 Malicious code in nnabla-ext-cuda101-nccl2-ubuntu16 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 70047d0a5eb542220386cc3c3f7f8bd4bee3faa63ce2124f363abcc1503be3df The OpenSSF Package Analysis project identified 'nnabla-ext-cuda101-nccl2-ubuntu16' @ 0.0.2 pypi as malicious. It is considered malicious becaus...
MAL-2023-8307 Malicious code in narratives-from-tweets (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1570135eff60eea1dfd9ec7b66797d9454373263050b83c8ad90d2b7b37d71b6 The OpenSSF Package Analysis project identified 'narratives-from-tweets' @ 0.1 pypi as malicious. It is considered malicious because: - The...
MAL-2023-8301 Malicious code in @siigo-arquitectura/mf-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 519c8b7461f58c38192ea55bcd67f43659de4537eb6031f1882e2e2dee1acbee The OpenSSF Package Analysis project identified '@siigo-arquitectura/mf-helper' @ 5.0.1 npm as malicious. It is considered malicious because: -...
MAL-2023-8299 Malicious code in shopify-sections-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 76d95fb018250029adf8dce0dc777382f9f6d2c30f003fe0fd403723d0efab8d The OpenSSF Package Analysis project identified 'shopify-sections-manager' @ 5.0.9 npm as malicious. It is considered malicious because: - The...
Malicious code in symphony_ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c20ea6d79677d372e49128111709f70323ac73cb9e7a7411743d8e39b19aae60 The OpenSSF Package Analysis project identified 'symphony_ui' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...