340 matches found
MAL-2026-10521 Malicious code in @flcik/flick.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d31c087b34f156cf2b5ae7070222a57e2d760d68f9c4c73721c2800eb7b6bf62 @flcik/[email protected] replicates the discord.js public API surface FlickClient, GatewayIntentBits, SlashCommandBuilder, ButtonStyle, MessageFlags, th...
Malicious code in abuden216 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 136d8dabbba25b7fb10fa921d1eafe01d4f6710465dfc33ad213f02043973b49 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden230 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2234aab0cda39685bbdd725de23c50e6e6b78ca85d8ae3c48dc0577287406f65 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff22 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07035c6d64cbb510ca87260a3a3ca216e2ddfcffcb0ffba6d40ba9f8444c5e0f The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in next-bignumber.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 615f1e472f3fec95854738e64a4e4883676d514db833ca3bfa7a1008c0253a57 Package impersonates the widely-used bn.js crypto library: README, repository URL, logo, and source files are copied verbatim from indutny/bn.js, but...
MAL-2026-6855 Malicious code in next-bignumber.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 615f1e472f3fec95854738e64a4e4883676d514db833ca3bfa7a1008c0253a57 Package impersonates the widely-used bn.js crypto library: README, repository URL, logo, and source files are copied verbatim from indutny/bn.js, but...
Malicious code in @druidsoft/botframework-directlinejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 34ac6d117d0531ed668bd8df71233c07089b14c644a9403ee479976d75951fcb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @huobi-ui/activity-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2dc07679f0c801fbb465a2502687e29ed687871964c5d84c0dd5f2b7f94e8ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in new-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47f6e9bcab53d95265012a31a4dcfc1485ed6db858e788e68ac2ac1ebc33fc34 index.js imports childprocess and contains execSync calls invoking bash and zsh around lines 301 and 317. Without traced execution context, it is not...
Malicious code in sort-btree (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c21e3fbfbd2c75d226e7f427d760d771d29d6f612eaaa98b5b6daed7bc164035 Pattern matches fired on minified files extended/b+tree.min.js and extended/bulkLoad.min.d.js based on keyword co-occurrence require"childprocess",...
MAL-2026-6031 Malicious code in @mastra/otel-exporter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1998b4d1e4f2d960197b14f573628777e4456ff374f007ac39cca273a206aea The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6041 Malicious code in @mastra/upstash (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 109a798f50c4d4a1e3d840f494f4febeee6911daa9b2ecb5d1a6dfd7369a96c9 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/rag (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 031ec31035fa78e914e64884be3019150c8f1f77b9c464bce74e63cb0cd13227 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in transportator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f40d878023c5462d17916a03d22d7c2e9e1573ab590f50532aa2e620e7a5a13 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5637 Malicious code in tailwindcss-animotion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 774c1b953da3225f63374a2054512d7715ce872f4a82278fc0954fe3133e7e0b The package's main entry dist/index.cjs, with the same code in src/utils/helper.min.js aliases require to global.r and module to global.m, then...
Malicious code in os-ulid-void (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae1f330082068d43b4ef645b06ce190fb0354367ab0d98edadd3f15c6c99dea1 The package ships a minified file at dist/payload.js where multiple HTTP POST call sites appear lines 14503, 14532, 14716, 14834, 15716. The literal...
CVE-2026-1342
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts fro...
MAL-2026-4846 Malicious code in @service-suppliers/fetch-initial-suppliers-watcher-saga (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e38be804fe779ace5ea3a6a56214beebe7ceabaa5f765b46a0f7888ed2da4fc1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lint-builder-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82c210e5583e971220a00f5aada2972877928cbc0187f17b034c9112c4b87099 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ts-big-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9e88287cb64881d3f8f2e1705d8984d54c0a3147cb3740660afca913064042a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...