126 matches found
Malicious code in @mesadev/sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in agentwork-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
MAL-2026-3586 Malicious code in @uipath/vss (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfeb2de2eaeb02a5d8f7ce7edf48891f2dad988fb8fd5ed5b26e7c7118f3c9cc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3569 Malicious code in @uipath/resourcecatalog-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6cb7666d347d87ddbbd13f929181a8d85ab38a63997fb34b91d420acd09616f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3562 Malicious code in @uipath/packager-tool-functions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ecd70af63416c44f0ddb62846ccd313a62afda6fb1664a7cc989789cd983a6cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3553 Malicious code in @uipath/llmgw-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b2a10d3449dbb21333a81b53c4eab1037a00c862459fa93155f1bd9a94102ea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3550 Malicious code in @uipath/insights-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e4a14d8ee3cc65fe720a880c72000a911cbc45433f4113501a7246c018798380 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/insights-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ace6d378b6abec995ee4d1fc628aa32dd0771f340a17fa2e91e2659868509681 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3590 Malicious code in safe-action (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd0e257c2958e16d803f002f996ebb83aae4ecc32bf71320bf985b936996e634 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/filesystem (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 146d5edb9ab8fea89bfb60b8ae01c6c1e8e0fea9e6332121cf3922f4d23546df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/codedagent-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eaec2ac4b4efbc449a39049c2d3793dd5f3c4fc4737957ba4e70f35fb6c13903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3530 Malicious code in @uipath/api-workflow-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d32baa584fef58e39e73ce0f2a965cccdbc83a96e6011743224267b3832d8759 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-191470 Malicious code in org.mvnpm:posthog-node (Maven)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ea90a5928d7667bed4fa9f6effbbe6c8d3ad6521ca51ca2b01551bc02373a7d2 This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and...
Malicious code in @lokeswari-satyanarayanan/rn-zustand-expo-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fe3bd99e2f11ab8bb09a9086c4dca8af56372031492ed11d90f1e32a0e8f53 The package @lokeswari-satyanarayanan/rn-zustand-expo-template was found to contain malicious code. Source: google-open-source-security...
Malicious code in @oku-ui/portal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0711033d654f75b42d8959721555bcf5aa5fb766ccc12b6e89c56eef0d8cafd The package @oku-ui/portal was found to contain malicious code. Source: google-open-source-security...
Malicious code in @oku-ui/toast (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b944224d9a502a3f5bb5f7bfb4530de52ce4ffac6f94c8588fdda2f22563953 The package @oku-ui/toast was found to contain malicious code. Source: google-open-source-security...
Malicious code in @voiceflow/dependency-cruiser-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f310f0649a09ab3e8f8ca155d2067e1f39ad9ac40a987851fd0dd352ffc268fe The package @voiceflow/dependency-cruiser-config was found to contain malicious code. Source: ghsa-malware...
Malicious code in selenium-session-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c213ecffb94ad5db9053c2dcf20681d6fe3a5baa0b8ed42d87e01c7ef930a704 The package selenium-session-client was found to contain malicious code. Source: google-open-source-security...
Malicious code in @browserbasehq/stagehand (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0147cee6c903a9fd8dabfedd42c60df91437e6a7a750bebff3c26ce687d4443a The package @browserbasehq/stagehand was found to contain malicious code. Source: ghsa-malware...
Malicious code in @voiceflow/circleci-config-sdk-orb-import (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93fddfa88f30512d04aa154c955befc6e560cd4a1600f731643caf20e799e5c8 The package @voiceflow/circleci-config-sdk-orb-import was found to contain malicious code. Source: google-open-source-security...