141740 matches found
MAL-2026-5186 Malicious code in autotel-terminal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eecd710c08cdc339632aae89ee93e200267cea1c34d6b429ca9202265480842f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ROOT-APP-NPM-CVE-2026-41673 CVE-2026-41673 in @rootio/xmldom__xmldom - Patched by Root
Root has patched CVE-2026-41673 in the @rootio/xmldomxmldom package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-32236 CVE-2026-32236 in @rootio/backstage__plugin-auth-backend - Patched by Root
Root has patched CVE-2026-32236 in the @rootio/backstageplugin-auth-backend package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-35213 CVE-2026-35213 in @rootio/hapi__content - Patched by Root
Root has patched CVE-2026-35213 in the @rootio/hapicontent package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-42043 CVE-2026-42043 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42043 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-42039 CVE-2026-42039 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42039 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-42035 CVE-2026-42035 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42035 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-42037 CVE-2026-42037 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42037 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
MAL-2026-5179 Malicious code in chai-midpatch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4deffa7a98fc055452391610a3ab832bace310cf34ecc058287f45cab02c656c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5175 Malicious code in webpack-json (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abd3559fc62e362d5e4d5068126317096f7e2e483d97bba9f59e192a9d49a363 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ROOT-APP-NPM-GHSA-6V7Q-WJVX-W8WG GHSA-6v7q-wjvx-w8wg in @rootio/basic-ftp - Patched by Root
Root has patched GHSA-6v7q-wjvx-w8wg in the @rootio/basic-ftp package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44240 CVE-2026-44240 in @rootio/basic-ftp - Patched by Root
Root has patched CVE-2026-44240 in the @rootio/basic-ftp package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2022-24772 CVE-2022-24772 in @rootio/node-forge - Patched by Root
Root has patched CVE-2022-24772 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-12816 CVE-2025-12816 in @rootio/node-forge - Patched by Root
Root has patched CVE-2025-12816 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-1526 CVE-2026-1526 in @rootio/undici - Patched by Root
Root has patched CVE-2026-1526 in the @rootio/undici package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-45740 CVE-2026-45740 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-45740 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. Learn more Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The...
Malicious code in fundraiserserv (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c27dec042a9f69f24c1a2c860af27a2625740dbd7b7fc3d059659fae6f628c25 The OpenSSF Package Analysis project identified 'fundraiserserv' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
ROOT-APP-NPM-CVE-2022-25883 CVE-2022-25883 in @rootio/semver - Patched by Root
Root has patched CVE-2022-25883 in the @rootio/semver package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2022-0144 CVE-2022-0144 in @rootio/shelljs - Patched by Root
Root has patched CVE-2022-0144 in the @rootio/shelljs package for Root:npm. Multiple fixed versions available...