24 matches found
MAL-2026-3847 Malicious code in openclaw-cn (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98bf501cd2484b70d4811afe69007c54a9a94bcd9c137c0782a0c610a475b434 The package openclaw-cn was found to contain malicious code. Source: ghsa-malware 8f29660ec3d5b6462ff4857bf0696a14fbcf401d5f3a074376b0c9840b380612 An...
Malicious code in ml-toolkit-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @draftlab/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @draftauth/client (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
MAL-2026-3602 Malicious code in @ml-toolkit-ts/xgboost (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
MAL-2026-3594 Malicious code in @draftauth/client (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @draftlab/db (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...
Malicious code in @uipath/vertical-solutions-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76957e857334423d0c1f4100218bb5856183968cc9475481adecdf97eac57796 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3585 Malicious code in @uipath/vertical-solutions-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76957e857334423d0c1f4100218bb5856183968cc9475481adecdf97eac57796 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/ui-widgets-multi-file-upload (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11925b121ae53cf0e735a083521dcd0dbea2b475fedf3ff4e66e4cfac9d7bbec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3580 Malicious code in @uipath/test-manager-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f31efe85854bdd27afe6808efd0ba0008d127f32a645708688158673d2be586e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/telemetry (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91d05751804316999a3882b1e43e61e9b9844220d8994bdc3d9dcfa25edd5a3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3576 Malicious code in @uipath/solutionpackager-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64274b915ff6e2c5965c334cc5b2a7dca56efe8c3021c83e45d0269a9391345f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/robot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bea1fa21506bd8c16e7bfe9374906720288e6a4cae68b5e28299322cadebf60b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3571 Malicious code in @uipath/robot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bea1fa21506bd8c16e7bfe9374906720288e6a4cae68b5e28299322cadebf60b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3570 Malicious code in @uipath/resources-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 740339e7d1f42f7f163cbe965322c0e9438ae7efd05a29fbd4cc161e6fe5a5f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3563 Malicious code in @uipath/packager-tool-webapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76aeb1a6159cbf098abccd70c3d3006fb763c2ef580545a64d87267a79705ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-case (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ada59d259c9e6d817c3f2381a537459e5920f1869250c0aa9798c64089fbb8a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3559 Malicious code in @uipath/packager-tool-case (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ada59d259c9e6d817c3f2381a537459e5920f1869250c0aa9798c64089fbb8a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3555 Malicious code in @uipath/maestro-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6885645b867aaec1056710aae316b39c7601e17728f7e35b391f02198b3832b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...