1025 matches found
MAL-2026-3727 Malicious code in foundry-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 650bf2f76e5aa2fc3b175c4b582ce3c3ee8b9ac6fe433ed925f6e521c619c60b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3527 Malicious code in @uipath/agent.sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45bbbe2c268afd6e7d6f55939b26f9dda7bedc69e3d2e72655495584c35f0627 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3523 Malicious code in @uipath/access-policy-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware febad4aef386c313b1c7878c4e8815c1cf931e738346cd4e7e6f53d439198d26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3482 Malicious code in @tanstack/solid-router-devtools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d97a7cf294a17c17e22c7eead7d3de9f693c5488aecba96129d5b79b52f430de This version falls within the @tanstack/ package family compromised on 2026-05-11. The campaign published 42 packages × 2 versions each with the...
MAL-2026-3442 Malicious code in @squawk/fixes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c1b4eb0a49d55989cadcce8bda40c86dc03e5776c450cd9643e5b3f43811a87 The package @squawk/fixes was found to contain malicious code. Source: ghsa-malware 9b4ba8be3823ebe8f019d37fa681809a96867a646eeb679dd22682070aa9f570...
MAL-2026-3318 Malicious code in @b2b_blocker/hide_activation_error (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7cbbf4ca3aa2fddd7145289bbf2f3ee83ef30e0fb6aa1163f465c4175cd22aec The package @b2bblocker/hideactivationerror was found to contain malicious code. Source: ghsa-malware...
Malicious code in pos-next-react-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17462b618deafef53af5cb939d0240f899e18139f020fa631b898d2862bc6a08 The package pos-next-react-native was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3008 Malicious code in json-spacer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49ca906e0f0d7b5884d939ad398cc8367cad887c10533eb833b6f043e5368bfd The package json-spacer was found to contain malicious code. Source: ghsa-malware 04db81abcbf28276b2cb30a860e8decbc485699a1db9ea9557e0595e5f86be82 An...
MAL-2026-2996 Malicious code in sparkling-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a51b8dc4e5a69bd2a09d2bb1c705963de6b9513ff871237d21a5f6641abc0ac The package sparkling-sdk was found to contain malicious code. Source: ghsa-malware b0457cea0504e91fd51a3802d694a20e91fab0bf48731ae4a18c484eab349202...
MAL-2026-2974 Malicious code in claudcode-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88f4d319ca32cad5bc9a2f83d4b1b64c39f2d1e75f2fed26cc1172d480891b69 The package claudcode-mcp was found to contain malicious code. Source: ghsa-malware 65a350de7c4fa0545fcd3fa1439e9ea34afa50e5237688032de7bcafeb071ab0...
MAL-2026-2940 Malicious code in mailcraftjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27f66d32585597a7eeaa611a0c5f0fd20ee5a035d98d00ace5c0a333ae36b5be The package mailcraftjs was found to contain malicious code. Source: ghsa-malware bc9eb14094700cd30fbd04c4f4b7e75c8971e1ceb5442320dba55befe0fdccb7 An...
Malicious code in value-slider (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abf877173b9292185a66f77e03a35a1964c716f9cc053cd68cfd66fa005843fa The package value-slider was found to contain malicious code. Source: ghsa-malware cf716f2e826f45d1313d19d4691315d634d3199be557367c4346af4481aec65c A...
MAL-2026-2678 Malicious code in snitz-chief-cloud (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbc306ec8452bc2fd831e57407e5c99169c8e2813debf726f99604d8c6e459a4 The package snitz-chief-cloud was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2626 Malicious code in getcardslib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88c984b34b3bacb405ca57d999a20be2a2c4c1b3ad75fa7e60f8d6e814b30ab5 The package getcardslib was found to contain malicious code. Source: ghsa-malware ce7e3143ce06f31e15162fef48924c625caddc3e6cc75c9640b053c38ad2665c An...
MAL-2026-2609 Malicious code in trade-in-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 282ed834f41ff1362de41082e4502858b54128699bb58026d73f704aafa71035 The package trade-in-lib was found to contain malicious code. Source: ghsa-malware 927f61fc76a553ba10121fbae7bc4961b0d67d52ab41498d9b0b232a4c2362f7 A...
MAL-2026-2601 Malicious code in dwaiter-company-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 602a450ab8f9d48b5e7ca03f6e4cf89803a6f1a0e6e35d453c92e59143096577 The package dwaiter-company-web was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2633 Malicious code in markdownlint-rule-link-pattern (npm)
Malicious package due to data exfiltration via preinstall, test and preupdate scripts using wget to send user, path, and hostname to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c5ffad19a9d8a62d1ee2a266767e609ffeba74597b50248d751b28cdffae844...
Malicious code in cua-primitives-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8835d90bff1ed316ff7b7be2d8a1223402e539c4b10cfc2ba0de3164dc438570 The package cua-primitives-server was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2221 Malicious code in @validator-lut-sdk/v3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cb4c0ee3137b51767f901297bd8743d7f23109b2897aec6b659a433c5c29a86 The package @validator-lut-sdk/v3 was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2198 Malicious code in omaronsec (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ff0bfae46cd199f9de68fa7a40d0f579cd8918783db054a2eb83c8cf047424f The package omaronsec was found to contain malicious code. Source: ghsa-malware 67e67c70590c02b44ced517d12ded441ebcd7e80617a6818d06ad836620910f6 Any...