3553 matches found
Malicious code in twcompose-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096d151917a14021013de8dbd595466944a677be49ee8ca4b3ed94de63d85cd9 The package's main entry point src/index.js contains heavily obfuscated JavaScript at line 138 using a classic string-array shuffle pattern while!!...
MAL-2026-6899 Malicious code in twcompose-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096d151917a14021013de8dbd595466944a677be49ee8ca4b3ed94de63d85cd9 The package's main entry point src/index.js contains heavily obfuscated JavaScript at line 138 using a classic string-array shuffle pattern while!!...
Malicious code in ts-bigtn (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3fe9cda51a9c873f69575fec5aada84c81b0b7e907d060f28d6c6e95dc381911 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6895 Malicious code in ts-bigtn (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3fe9cda51a9c873f69575fec5aada84c81b0b7e907d060f28d6c6e95dc381911 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6894 Malicious code in tracing-str (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466143b5f195d4924e2227921a288954ecec9ed34d52af8ff433056f5ff56903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6868 Malicious code in pretty-pino-loggers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f1b4c6d11dae72d82f4c6d856e9445f27cee3a1ed475f2043b5d7369aad48be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in polymarket-onchain-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73556a574d8ee416a5440f889b73cafff3b464650d6b2b2caf4001ce15086f6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6857 Malicious code in npm-doc-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cd9478699eb0ff355280d938bef68818018c0c5cb579b3c144f6c0e134dfad1b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in log-format-thread (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e034e855661cc792a14908c613b0d3ae31917a99927ddf0db29b1ae173df0cd Package advertises itself as a log formatter but exposes an undocumented threadContent option on createLogger that is forwarded to a worker thread...
MAL-2026-6841 Malicious code in jsonupper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1b0da679706ef488ebbf32e7449d3b4d79fae3bf468f5f167de3f657f75eb2a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in bootstrap-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ac4913fc1ffcabe1ed6637abc6d532abc014683f48b341ece6127a51da15d8 The package's index.js is heavily obfuscated with classic string-array shuffling patterns e.g., while!! loops with repeated 'shift' calls and...
MAL-2026-6743 Malicious code in api-node-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ac5b00d553b256f998ea13be45b7f41a939f85e3c272bf24fd91ad6747c6266 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6738 Malicious code in @jacobtan/decode-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a99e8b0d7812c216410fc0ff557698f61a595d4ded8579c18fab63ab3ac8b924 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
UBUNTU-CVE-2026-54887
Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...
MAL-2026-6615 Malicious code in @digitalpharmacist/http-error-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd3874246d23d6027bd09962515c8e79a0246740ff5fc6f853270c0a40271d18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @orbis-lr-sdk/orbis-lr-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 447ee314f32023031250cefe4570378f31d8055a02384eccecb5c288ae6e2405 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @ms-ows/logging (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b7ffaf65611a7bb55512d442ab6d19f3b1c702db0224b994e0b80df4f30e1dff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6633 Malicious code in @ms-ows/logging (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b7ffaf65611a7bb55512d442ab6d19f3b1c702db0224b994e0b80df4f30e1dff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6640 Malicious code in @rakuten-rewards/messaging-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5881076c822a732d6344ff3614bf7437722ca46d9d5f5dbdf3105586fa078dd4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @experian-shared/services (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b9781b2089d3aeafbedfe7c81af43904472553991bd7e50695ab301d4529eaa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...