163 matches found
MAL-2026-5114 Malicious code in @redhat-cloud-services/frontend-components-config-utilities (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
GHSA-W388-2392-PX73 praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role
Summary: authorization bypass enabling owner lockout. The DELETE /workspaces/{workspaceId}/members/{userId} endpoint is gated only by requireWorkspaceMember(workspaceId) with the default minRole = "member". Any member can remove any other member, including the workspace owner, with a single DELETE request. There is...
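The gate described in this entry, reduced to a runnable model, as an added example that is not praisonai-platform's code: a member-removal handler that only checks "actor is a member" (so any member can evict the owner) beside a hardened version that requires the actor to outrank the target and refuses to remove the last owner. The workspace shape, role names and HTTP status codes are assumptions.

```javascript
// Added example, not praisonai-platform's code: the member-removal gate as
// described in the advisory (any member may DELETE any member) next to a
// hardened version. Workspace shape, role names and status codes are assumptions.
'use strict';

const ROLE_RANK = { member: 1, admin: 2, owner: 3 };

function makeWorkspace() {
  // userId -> role; a single owner, as in the lockout scenario
  return { members: new Map([['u-owner', 'owner'], ['u-admin', 'admin'], ['u-member', 'member']]) };
}

function countRole(ws, role) {
  let n = 0;
  for (const r of ws.members.values()) if (r === role) n += 1;
  return n;
}

// Before: the only check is "actor is a member" (minRole member), so any
// member can remove the owner in a single request.
function removeMemberVulnerable(ws, actorId, targetId) {
  if (!ws.members.has(actorId)) return { ok: false, status: 403, reason: 'not a member' };
  if (!ws.members.has(targetId)) return { ok: false, status: 404, reason: 'no such member' };
  ws.members.delete(targetId);
  return { ok: true, status: 204 };
}

// After: removing someone else requires at least admin, the actor must strictly
// outrank the target, and the last owner can never be removed (transfer
// ownership first). Leaving on your own stays allowed for non-final owners.
function removeMemberHardened(ws, actorId, targetId) {
  const actorRole = ws.members.get(actorId);
  const targetRole = ws.members.get(targetId);
  if (!actorRole) return { ok: false, status: 403, reason: 'not a member' };
  if (!targetRole) return { ok: false, status: 404, reason: 'no such member' };
  const self = actorId === targetId;
  if (!self && ROLE_RANK[actorRole] < ROLE_RANK.admin) {
    return { ok: false, status: 403, reason: 'member role cannot remove others' };
  }
  if (!self && ROLE_RANK[actorRole] <= ROLE_RANK[targetRole]) {
    return { ok: false, status: 403, reason: 'cannot remove an equal or higher role' };
  }
  if (targetRole === 'owner' && countRole(ws, 'owner') === 1) {
    return { ok: false, status: 409, reason: 'last owner; transfer ownership first' };
  }
  ws.members.delete(targetId);
  return { ok: true, status: 204 };
}

// Reproduce the takeover: a plain member evicts the owner through the old gate,
// then the hardened gate refuses the identical request.
function demo() {
  const before = makeWorkspace();
  const lockout = removeMemberVulnerable(before, 'u-member', 'u-owner');
  const after = makeWorkspace();
  const blocked = removeMemberHardened(after, 'u-member', 'u-owner');
  return { lockout, ownerGone: !before.members.has('u-owner'), blocked };
}

console.log(demo());
```

The role check belongs in the handler (or a per-route `minRole` of admin plus the outranking rule), not only in the membership middleware: membership answers "may this user see the workspace", which is a different question from "may this user change who else is in it".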
MAL-2026-3787 Malicious code in frank-at-alibaba-internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 886c65e3dc3df0890c4de06cdd9d3973fd8a5844b0db2010a08e1160d2b6dce5 The package frank-at-alibaba-internal was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3554 Malicious code in @uipath/maestro-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6011a0c7aae20b028a8bdca262224d15d4c190b116cbc3d6f8dddef444ca84b3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3552 Malicious code in @uipath/integrationservice-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3ff8598d48c12ca9fe162be025bd370560d125c36c4e5dfebfbb09bccfda3f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @squawk/types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3774c2374f8e3ab7673400940dfc50d0826239ac34fd2e1170c7ab4c48de6a7 The package @squawk/types was found to contain malicious code. Source: ghsa-malware 14506d7385d737662e11382d460e176a16e727348a5b09cf27325bfbd4566f83...
MAL-2026-2656 Malicious code in tailwind-stylecss-typography (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e0f774188361889c2e95f246317a2fece3219b9d9952ff3645e4d108bc525c5 The package tailwind-stylecss-typography was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2226 Malicious code in node-coremesh (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c5a0cdd89bf30a4af39a8b084445dc8db5a9433149b2935e8c2ad63a3cef008 The package node-coremesh was found to contain malicious code. Source: ghsa-malware f8ed9a272c9d2d960b2ddae6ef1f7128ff576014f4d3c296ca2b6d74eaea4ceb...
MAL-2026-2222 Malicious code in chain-coremesh (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53c78d25a9b5c960f74dda3653e6f237df054e60b0234511fa4e9fe3d650a00f The package chain-coremesh was found to contain malicious code. Source: ghsa-malware 7c22f3e9c994c2b163ca8dc9cfdd501768a8ed0163ccc7c9fde8160ace616303...
MAL-2026-2092 Malicious code in pulse-feature-flag (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fad1549c9f60719931f740e56bfa68762b93275b97574f4d8d2c08aeedc71344 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in xyztttxyz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ec60812ab8ac06f92ad0543c7a16f930da49afbc1ca5e10e6cabffe3ffe1ddb The package xyztttxyz was found to contain malicious code. Source: ghsa-malware c7299da569fb2428ffb4bcb1641a07a7879e89460f46405e2257197a6f4fe2a3 Any...
MAL-2026-1978 Malicious code in json-specular (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21e4ef994911ed1494838bbc4c0f20fb4e194a7e264a9e7014759d9e23466ac9 The package json-specular was found to contain malicious code. Source: ghsa-malware 1bb4124a4b5522f2d7f36098f59a85a760b3e029a30baffafa922a34d2e7a21c...
MAL-2026-1955 Malicious code in kyxserver-everything (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7be104f8e720927f9b7ea1bb3d036db80ffa6b65c8b7f0a6c8af29d1d4631f43 The package kyxserver-everything was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1506 Malicious code in transform-minify-booleans (npm)
The package 'transform-minify-booleans' is part of the PhantomRaven supply chain attack campaign (Wave 2). It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
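Two delivery tactics recur in the entries above: a lifecycle hook such as `preinstall` (the Mini Shai-Hulud entry for the @redhat-cloud-services scope) and a dependency specifier that points outside the registry (the PhantomRaven RDD entry). The following added example, not code from OSV or from any package listed here, audits a package.json for both. The sample manifest and its hostnames are constructed placeholders.

```javascript
// Added example (not OSV's code nor any listed package's): audit an npm
// package.json for lifecycle install hooks and non-registry dependency
// specifiers. The sample manifest is constructed.
'use strict';

const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'preprepare', 'prepare', 'postprepare'];
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Specifiers npm resolves outside the configured registry: http(s) URLs, git URLs,
// github:/gitlab:/bitbucket: shorthands, bare "owner/repo", local paths.
const REMOTE_SPEC = /^(https?:|git(\+[a-z]+)?:|ssh:|github:|gitlab:|bitbucket:|file:|\.{0,2}\/|[\w.-]+\/[\w.-]+(#|$))/i;

function isRemoteSpecifier(spec) {
  if (typeof spec !== 'string') return false;
  if (/^npm:/i.test(spec)) return false;            // alias to another registry package
  if (/\.(tgz|tar\.gz)$/i.test(spec)) return true;  // local or remote tarball
  return REMOTE_SPEC.test(spec);
}

// One finding per install hook and per remote dependency; empty array = nothing flagged.
function auditPackageManifest(manifest) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (typeof scripts[hook] === 'string') {
      findings.push({ kind: 'lifecycle-hook', hook, command: scripts[hook] });
    }
  }
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (isRemoteSpecifier(spec)) {
        findings.push({ kind: 'remote-dependency', field, name, spec });
      }
    }
  }
  return findings;
}

// Constructed sample manifest; the hostname is a placeholder, not real C2 infrastructure.
const SAMPLE_MANIFEST = {
  name: 'example-app',
  version: '1.0.0',
  scripts: { build: 'tsc -p .', preinstall: 'node setup.js' },
  dependencies: {
    'left-pad': '^1.3.0',
    'some-util': 'http://c2.example.invalid/some-util-1.0.0.tgz',
    'other-lib': 'github:someorg/other-lib#main',
    'aliased': 'npm:real-package@^2.0.0',
  },
};

for (const finding of auditPackageManifest(SAMPLE_MANIFEST)) console.log(finding);
```

Run the audit over every package.json in `node_modules` before the first install on a fresh machine is too late; the cheaper control is `npm ci --ignore-scripts` (or `npm config set ignore-scripts true`) in CI, plus a lockfile check that every `resolved` field points at the registry you expect.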
Malicious code in tradepmr-api-utils-drzak (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed879324b5de23922f365eaef686660dd2a42745f101998d954eda9c03449b1b The package tradepmr-api-utils-drzak was found to contain malicious code. Source: ghsa-malware...
Malicious code in @snazaah/davey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e0f71f42be87797ef9a1316bba8adb9bdef08cc765a42d1b707487f790846af The package @snazaah/davey was found to contain malicious code. Source: ghsa-malware 1e647d7cf3afc1b7a160585b664e75a2515b6b9e00925bdbc30e20625731d490...
MAL-2026-1123 Malicious code in @yaoii-bails/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d1d0d12bd58b983f5d0429e35aabbe5aff4e7206c1198199dff00f8d7edc3c6 The package @yaoii-bails/baileys was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1069 Malicious code in @skyzopedia/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d2851df7c45fca156556e4b7c5fef4c60ed254a43c4e6e51c6e02d8b5ca5a20 The package @skyzopedia/libsignal-node was found to contain malicious code. Source: ghsa-malware...
MAL-2026-833 Malicious code in express-configer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e492b9087ab21198777e586b9d21eade1fe2948bb67f1ab484c7274056861276 The package express-configer was found to contain malicious code. Source: ghsa-malware 8484436a0b43b94054c0fa7ceb955362a6557d9bef3019e2fae2e51e42ff1f...
PT-2026-6495
Impact: the config partition measurement was moved from PCR 13 to PCR 14 in a commit, but PCR 14 was not added to the list of PCRs that seal/unseal the vault key. As a result, an attacker can remove the disk, use another server to modify the files in the config partition, and then re-insert the disk...