EUVD-2025-30102

Malicious code in bioql PyPI...

Malicious code in @art-ws/http-server (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1148086ae7be1e10c209ad1d5b54d91c8c7c651b11f99c6d01b7f79a84118212 Any computer that has this package installed or running should be considered fully compromised. All...

MAL-2025-47379 Malicious code in @art-ws/http-server (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1148086ae7be1e10c209ad1d5b54d91c8c7c651b11f99c6d01b7f79a84118212 Any computer that has this package installed or running should be considered fully compromised. All...

@art-ws/fastify-http-server (>=2.0.1 <=2.0.23), @art-ws/openapi (>=0.1.1 <=0.1.8) potentially affected by unknown CVE via @art-ws/http-server (>=2.0.1 <=2.0.20)

@art-ws/http-server NPM version =2.0.1, =2.0.1, =0.1.1, =0.1.8 Source cves: unknown CVE Source advisory: OSV:MAL-2025-47379...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...