83 matches found
Malicious Package
Overview reactive-cdk-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-4255 Malicious code in cdk-sagemaker-notebook-workflow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cc9c1db01ca14b294be21438478ec14dc6549a4b7b9ec5cf73dd7aa227f7ad8 The package declares a preinstall hook node index.js in package.json that fires automatically on npm install. The script collects os.hostname,...
Malicious code in reactive-cdk-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84d7572f96294e867b18a0448ac0e70af3d08769749aa73388b38d88492559e4 package.json declares preinstall: node index.js, so installation automatically executes index.js. The script reads /etc/passwd via fs.readFileSync,...
MAL-2026-4254 Malicious code in reactive-cdk-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84d7572f96294e867b18a0448ac0e70af3d08769749aa73388b38d88492559e4 package.json declares preinstall: node index.js, so installation automatically executes index.js. The script reads /etc/passwd via fs.readFileSync,...
EUVD-2025-7905
Malicious code in bioql (PyPI)...
EUVD-2025-9050
Malicious code in bioql (PyPI)...
EUVD-2025-10958
Malicious code in bioql (PyPI)...
MAL-2025-16694 Malicious code in cdk-integ-tools (npm)
The package cdk-integ-tools was found to contain malicious code...
Malicious code in @epc-tools/testutil-cdk-expect-policy (npm)
The package @epc-tools/testutil-cdk-expect-policy was found to contain malicious code...
MAL-2025-7848 Malicious code in @epc-tools/testutil-cdk-expect-policy (npm)
The package @epc-tools/testutil-cdk-expect-policy was found to contain malicious code...
Malicious code in cdk-integ-tools (npm)
The package cdk-integ-tools was found to contain malicious code...
Malicious code in @evt-cdk/codepipeline (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6830 Malicious code in @evt-cdk/codepipeline (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6831 Malicious code in @evt-cdk/core (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a8a0ad11a64b544d80bc12997810cd5b4bf68f64136221617a6f7d54173491f7 The OpenSSF Package Analysis project identified '@evt-cdk/core' @ 7.0...
Malicious code in @evt-cdk/core (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a8a0ad11a64b544d80bc12997810cd5b4bf68f64136221617a6f7d54173491f7 The OpenSSF Package Analysis project identified '@evt-cdk/core' @ 7.0...
CVE-2023-35165
AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages aws-cdk-lib 2.0.0 until 2.80.0 and @aws-cdk/aws-eks 1.57.0 until 1.202.0, eks.Cluster and eks.FargateCluster...
Arbitrary Command Injection
Overview @cdklabs/cdk-proserve-lib is an AWS CDK library containing constructs, aspects, and patterns. Affected versions of this package are vulnerable to Arbitrary Command Injection due to forgetting to export the new Aspect. An attacker can compromise insecure resource policy settings,...
Incorrect Execution-Assigned Permissions
aws-cdk-lib is vulnerable to Incorrect Execution-Assigned Permissions. The vulnerability is due to unexpected Aspect execution order due to the introduction of a new priority system that overrides hierarchical aspect evaluation, potentially leading to incorrect permissions boundaries being assign...
aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role
Summary The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are...
Malicious code in cdk-construct-library-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7030a0b9d7d1eed660c8a53ad26a551201ff0ee4a7ee399b284e9c0b4a61214f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...