Malicious code in @antv/x6-vue3-shape (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2026-4117 Malicious code in @antv/x6-vue3-shape (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

@ind-rcg/generator (>=262.1002.0-beta.2 <=264.1004.0-beta.1), @ind-rcg/modeler-sfdx-cli-plugin (>=262.1002.0-beta.4 <=264.1004.0-beta.4) +2 more potentially affected by CVE-2026-26801 via pdfmake (>=0.3.0-beta.2 <=0.3.2)

pdfmake NPM version =0.3.0-beta.2, =262.1002.0-beta.2, =262.1002.0-beta.4, =262.1002.0-beta.3, =1.0.0, =2.2.0 Source cves: CVE-2026-26801 Source advisory: OSV:GHSA-WP52-R2FP-4VMR...

Malicious Package

Overview base-ui-vue3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

EUVD-2026-3085

Malicious code in base-ui-vue3 npm...

MAL-2026-270 Malicious code in base-ui-vue3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02dfd5d7f28a3a6c1911e9b745f0114967cd677bea80bbfc7c490e6bf1f09ddf The package base-ui-vue3 was found to contain malicious code. Source: ghsa-malware 88f9d0f6ba47ed2a8d641427839b31d3b2debfea9d13f32125734f392a0838d9 A...

Malicious code in base-ui-vue3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02dfd5d7f28a3a6c1911e9b745f0114967cd677bea80bbfc7c490e6bf1f09ddf The package base-ui-vue3 was found to contain malicious code. Source: ghsa-malware 88f9d0f6ba47ed2a8d641427839b31d3b2debfea9d13f32125734f392a0838d9 A...

CVE-2025-15372

A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice Handler. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The...

CVE-2025-15372

The vulnerability is in youlaitech Vue3 Element Admin up to 3.4.0, affecting the Notice Handler component (src/views/system/notice/index.vue). The issue enables cross-site scripting due to unspecified input handling, with remote exploitation possible and a public PoC available. Multiple sources r...

vue3-element-admin 安全漏洞

vue3-element-admin is a backend administration front-end template open-sourced by the Yurai Open Source Organization. A security vulnerability exists in vue3-element-admin version 3.4.0 and earlier, which stems from an incorrect operation of the file src/views/system/notice/index.vue, which could...

PT-2025-54270

A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice Handler. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The...

Malicious Package

Overview vue3-tiktok is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

Malicious Package

Overview pokedex-vue3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in vue3-transpiler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61eaca42a219c9b161768c7938d34f6bc4d6e169c5ae43e88acf7a8a70be537b The package vue3-transpiler was found to contain malicious code. Source: ossf-package-analysis...

MAL-2025-190626 Malicious code in vue3-transpiler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61eaca42a219c9b161768c7938d34f6bc4d6e169c5ae43e88acf7a8a70be537b The package vue3-transpiler was found to contain malicious code. Source: ossf-package-analysis...

MAL-2025-48878 Malicious code in test-utils-vue3 (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in vuex-vue3 (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-47602 Malicious code in vuex-vue3 (npm)

The package communicates with a domain associated with malicious activity...

Incorrect User Management

Overview jeecgboot-vue3 is an Agent =============== 当前最新版本： 3.8.1（预计发布时间：2025-04-21） Affected versions of this package are vulnerable to Incorrect User Management via the sendMsg function in the /message/sysMessageTemplate/sendMsg path. An attacker can gain unauthorized access to sensitive...

Malicious code in vue3-image-base64 (npm)

The package vue3-image-base64 was found to contain malicious code...