59 matches found
Malicious code in yelp-biz-action-constants-js-generated (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 063bb3466bef20db9d0f0c8436b384fe8b498ccceef3993ab43e0482b43efc40 The package yelp-biz-action-constants-js-generated was found to contain malicious code. Source: ghsa-malware...
Malicious code in n8n-nodes-format-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b8b8fc0a97b9f9e3203a35534d7ff6518dbe0e53753093610315382e5f40b0e The package n8n-nodes-format-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in transform-react-jsx (npm)
The package 'transform-react-jsx' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in ignore-html-and-css-imports (npm)
The package 'ignore-html-and-css-imports' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in @shenira/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37c19428681ab141c5cbfe55488bba7fb3d752e39dcffc01da944544bc0b104b The package @shenira/libsignal-node was found to contain malicious code. Source: ghsa-malware...
Vulnerabilities fixed in Oracle Hyperion
Oracle has fixed vulnerabilities in several subcomponents of Hyperon products. The vulnerabilities allow unauthenticated attackers to compromise systems, perform denial-of-service attacks, and modify or steal sensitive data. Oracle has released updates to fix the vulnerabilities. See attached...
MAL-2026-186 Malicious code in yunxohang6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 330a33730fe31c0ddee057fe9fa709d90447db3692211537a9570f70451e64a6 The package yunxohang6 was found to contain malicious code. Source: ghsa-malware 3f00c325c438e731f2f5c0a66e4135cf7e682994875cdc4e2df8dbffbdb299f6 Any...
MAL-2025-191389 Malicious code in axios-cancelable (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7210c0ae0996b1026ba173fc3f0628154433a7a8ba971106d24dab744d6d28ec The package axios-cancelable was found to contain malicious code. Source: ghsa-malware 34b03d17fe2a4d83f67cbda737712693abb19fc4da135fab010adb7aeeb82d...
MAL-2025-191244 Malicious code in @lui-ui/lui-tailwindcss (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8515f668c012cc4072d376364ab0ed194d6040b86dbc19737c43a7ab00acd2d4 The package @lui-ui/lui-tailwindcss was found to contain malicious code. Source: ghsa-malware...
Malicious code in @ensdomains/dnssecoraclejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d8f72e47dba9adfd21c5f526d40d193f0435c04c45da2057d73878073ba79c4 The package @ensdomains/dnssecoraclejs was found to contain malicious code. Source: ghsa-malware...
Malicious code in @trigo/trigo-hapijs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c7e81e80711c8a06b45fdcf920330f28c7da02f8080f179ee1161717bdc2a78 The package @trigo/trigo-hapijs was found to contain malicious code. Source: ghsa-malware...
Malicious code in jest-hoist (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20b09510a5986b0d378b1a5d9f7c081cd5d2bb67ad05f55090240bb0e976729e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in add-module-exports (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c839bfd4379fee1d18fbca3447b73a811fda655fedf4480f2593d5d75149a421 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mcp-server-everything (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 263d07d53076b8ca1efe56fcd69d4a4e3c6d6a496b6086a03b8bafb8ae58900c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in catflix (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d0f682b0d66f1100534a823b754c3bc096ac54a5142489698fc5589813699d9e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in yandex-metrica (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c347c0cd149f59328faebe4ea3eaf82b02f9eeb1971ee50b89880ccff4620e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in z0ra-helper (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ae1a970257032672e791f973b2735c2296a92f9af170ed32e74cb9145f113e6 Any computer that has this package installed or running should be considered...
Malicious code in vue-coreo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1167ba130b5705599b06b2fbc88a331c7b50940fd3228204637781cc9b6df0a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @loybung/hyper-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a646dc40194d6a79d5af905b5f0de4abf8ac46c73d1f0659c50454fa2ea9353 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in com.unity.rendering.light-transport (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1fc9f46e39b3f3be7d09553ea71c7f7f3611b95a6cca1730f90f7094dda0ad54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...