27 matches found
Embedded Malicious Code
Overview: node-ipc is a nodejs module for local and remote Inter Process Communication (IPC), Neural Networking, and able to facilitate machine learning. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals an advanced credential-stealing infostealer. A...
Malicious code in cjs-biginteger (npm)
big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad18a38aa59b5edbd05dbdf229f4d013446f970fe18b41e54ffc1c24a926d2bd The package cjs-biginteger was found to contain malicious...
Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
Summary: The Handlebars CLI precompiler (bin/handlebars / lib/precompiler.js) concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI...
PT-2026-28573
Name of the Vulnerable Software and Affected Versions: Handlebars versions 4.0.0 through 4.7.8. Description: The Handlebars CLI precompiler (bin/handlebars / lib/precompiler.js) concatenates user-controlled strings – template file names and several CLI options – directly into the JavaScript it emits...
CVE-2026-25547
@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, t...
Malicious Package
Overview: vite-commonjs-support is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this...
GHSA-37J7-FG3J-429F Happy DOM: VM Context Escape can lead to Remote Code Execution
Escape of VM Context gives access to process level functionality. Summary: Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE (Remote Code Execution) attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted...
Arbitrary Code Injection
Overview: org.webjars.npm:happy-dom (Happy DOM) is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Arbitrary Code Injection due to default evaluation o...
CVE-2025-61927 Happy-DOM has VM Context Escape
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE (Remote Code Execution) attacks. A Node.js VM Context is not an isolated environment, and if the us...
Malicious code in node-ts-cjs-web (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in node-ts-cjs (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-15290 Malicious code in babel-plugin-mail-transform-inline-imports-commonjs (npm)
The package babel-plugin-mail-transform-inline-imports-commonjs was found to contain malicious code...
Malicious code in babel-plugin-mail-transform-inline-imports-commonjs (npm)
The package babel-plugin-mail-transform-inline-imports-commonjs was found to contain malicious code...
MAL-2025-6752 Malicious code in plugin-commonjs (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in plugin-commonjs (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in commonjs-quirks (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dcec4e4bf134e8db1b8066d669598fcc2abee6878c561780ea292d0ee6e9d0db Any computer that has this package installed or running should be considered...
MAL-2025-5301 Malicious code in commonjs-quirks (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dcec4e4bf134e8db1b8066d669598fcc2abee6878c561780ea292d0ee6e9d0db Any computer that has this package installed or running should be considered...
Malicious code in commonjs-package (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1eb6fb77a7ed0e6f32859fe04a1eb474d52987aaf21bb24d32c51656ff5de850 Any computer that has this package installed or running should be considered...
MAL-2025-5300 Malicious code in commonjs-package (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1eb6fb77a7ed0e6f32859fe04a1eb474d52987aaf21bb24d32c51656ff5de850 Any computer that has this package installed or running should be considered...
Malicious code in deere-ui-commonjs-shim (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a67ec4bddb1b8af04cfc08903b303377f2c20937c3b6f13287bcb450d2189a53 Any computer that has this package installed or running should be considered...