118 matches found
Malicious Package
Overview: @cloudplatform-single-spa/arenadata-db is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...
PT-2026-36990
Name of the Vulnerable Software and Affected Versions: apko (affected versions not specified). Description: apko verifies the signature on 'APKINDEX.tar.gz' but fails to compare individually downloaded '.apk' packages against the checksum recorded in the signed index. Although the checksum is parsed v...
CVE-2026-33467
Elastic Package Registry is affected by CVE-2026-33467 due to improper verification of cryptographic signatures (CWE-347), enabling package integrity bypass for self-hosted deployments that sync from upstream. Affected versions: all up to and including 1.37.0. The issue can be exploited if an att...
Elastic Package Registry 1.38.0 Security Update (ESA-2026-27)
Improper Verification of Cryptographic Signature in Elastic Package Registry Leading to Package Integrity Bypass. Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the...
CVE-2026-31839
Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered...
Malicious code in ac-polyfills (npm)
Source: amazon-inspector 0a7d9d049932519bded5d12b8627523ef63dac69179b1ce873cf4cd8b7fe6849 The package ac-polyfills was found to contain malicious code...
CVE-2026-21437 eopkg vulnerable to package file list integrity bypass
eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could include files that are not tracked by eopkg. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be shown by lseopkg and...
EUVD-2025-199272
Malicious code in quickswap-sdk npm...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in bitha-95 (npm)
Source: amazon-inspector c38f1060d15271a31ac47c03d4f93b1499ceb7448ea9131bffeb9d6013a38085 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in air-poke4 (npm)
Source: amazon-inspector b70902ef95f5216486736aaedc05d335c6ae9f52f81729832bfea6e21b99af31 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-123636
Malicious code in playwright-pipe-jwt-middleware npm...
EUVD-2025-97090
Malicious code in kiki-kue73-breki npm...
EUVD-2025-56266
Malicious code in yuni-kue56-sluey npm...
MAL-2025-50863 Malicious code in arif-nasisayur82-kyuki (npm)
Source: amazon-inspector 4a7a67bf461f20d0941fae64b7328e89a889b4d5fee11e026a6b8cb330c954ec The package arif-nasisayur82-kyuki was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...
Malicious code in bingo-log (npm)
The package bingo-log was found to contain malicious code...
Malicious code in bytel-api (npm)
The package bytel-api was found to contain malicious code...
Malicious code in slidez (npm)
The package slidez was found to contain malicious code...
MAL-2025-27837 Malicious code in npm-message (npm)
The package npm-message was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2024-50270
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid overflow in damon_feed_loop_next_input(). damon_feed_loop_next_input() is inefficien...