91 matches found
Malicious code in internallib_v95 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 446fa224122b28950a2a22289bd7a9bf4a29861cde218c495651e1e58da37176 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in explorhub-ai-agent (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6608fa84304d8e7344518aab88e30f2b2a95aff43b2adbb664126857a14c5b45 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in viem-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b4fdfd2feb3635d346056076f2597928654f198a02ff13ff1a4c5725b823456 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3566 Malicious code in @uipath/platform-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89f494a30a8fe1637198b531a2c267ebb3aedf5d0c537afc1f12ea2186ef1d1f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3458 Malicious code in @tallyui/connector-vendure (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0283da4a59287c5418e3485a9a642cfbb9cc387f5e1ab4c120af92199daa0970 The package @tallyui/connector-vendure was found to contain malicious code. Source: ghsa-malware...
Malicious code in @tanstack/react-start-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8358ce998650baf1a9cb6bb602109da81268c43855ad0b16f892687cc89f104d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Microsoft won’t patch PhantomRPC: Feature or bug?
A researcher has discovered a weakness called PhantomRPC that Microsoft does not consider a vulnerability it plans to patch. PhantomRPC involves Windows Remote Procedure Call RPC, the core of communication between Windows processes. The vulnerability lets a process with impersonation rights...
Malicious code in typescript-type-graphql (npm)
The package 'typescript-type-graphql' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1182 Malicious code in bigmathutils-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c792a1951ba6e4b2e2f4e8b067b8be850400fbc0f20e89af56336fffd56b2522 The package bigmathutils-v2 was found to contain malicious code. Source: ghsa-malware cd02bf555ca1d0393411bacd3b44a82ab4c6726b7510274bcdca34126958da6...
MAL-2026-1181 Malicious code in webnochs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0860fbeb548c9d3b4715f96f79662f1dc2bd03a179268a2aba3dd907a7fa7a1b The package webnochs was found to contain malicious code. Source: ghsa-malware 254c459dafb2f3949b0e8cf6c70e4faa60aa14c46866879b8e80185bf07d89c8 Any...
Malicious code in xml2js-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c18f9df8257f4f610dbfd70460757eb36539314c7cce4d9eda82758da6984725 The package xml2js-js was found to contain malicious code. Source: ghsa-malware cf7cd10255ee6ff91469e7f180436d90c3eca29de3dc0b3f883c13403ca30132 Any...
Malicious code in eslint-plugin-supertest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69e51e22e6032e74b136ec2615b38bd5801cca8f5a4ef8a09747a442b656ec17 The package eslint-plugin-supertest was found to contain malicious code. Source: ghsa-malware...
MAL-2026-83 Malicious code in wikibuy-mobile-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e240a0c7b0f1e6f0ce72c097409a543c14de0b3231f000ef7d37c8d61b0e1ad8 The package wikibuy-mobile-analytics was found to contain malicious code. Source: ghsa-malware...
Malicious code in sdbao-content-report (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 352174ed8ad21b72357fc69c51e395ee7b1ceb75b55603d205bdc8280dfc00b1 The package sdbao-content-report was found to contain malicious code. Source: ghsa-malware...
MAL-2025-192374 Malicious code in solana-dexco-basic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c85fd31c83f8c435f8ac1833cf404a39af10af647c6305eab6e8ff993eadf9a The package solana-dexco-basic was found to contain malicious code. Source: ghsa-malware...
Malicious code in tensor-fi-utils-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 097848a520bc6a7316c011e97b306f4743b5498acdeccea54d5d4a0ab44bdebd The package tensor-fi-utils-core was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191431 Malicious code in sufetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8efd418803202b34256057a848e0e9fbd6ad735dd0a011b4e7ca9cd46d088b39 The package sufetch was found to contain malicious code. Source: ghsa-malware 96568dd37a7486f46399a553eecede4295c1c52321560fb15faaa4525e898642 Any...
MAL-2025-191124 Malicious code in lint-staged-imagemin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8cfbe33b97d4e3997d348c9532c834715e755ea1d28a6b30f2276209d4f45db The package lint-staged-imagemin was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191126 Malicious code in luno-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2620f6e7e546cf45578383002edf88f0d14cfff7c3b3fbdadff49d591e9a67d The package luno-api was found to contain malicious code. Source: ghsa-malware b14565c7974772eb7c5d608e000f39017115adb0304131b6d1b03f7402fa9d1f Any...
MAL-2025-191016 Malicious code in svelte-autocomplete-select (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9659f91ce1f699661cdedee2d6691f0a4a515b4941511290b0082e5b662a91ea The package svelte-autocomplete-select was found to contain malicious code. Source: ghsa-malware...