342 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
MAL-2025-190825 Malicious code in @strapbuild/react-native-date-time-picker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5a0237f0f0916f69a132f28afefe58f6c681c43c8dd6d3ca62ae2a3c2d6af45 The package @strapbuild/react-native-date-time-picker was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190848 Malicious code in lite-serper-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4004eeb497395a7e5423b056c76905cd2679f242fc432352479ee7b657383084 The package lite-serper-mcp-server was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190796 Malicious code in @actbase/react-native-simple-video (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df9f78c8d60111302902eadd3b683dc87591b36eedaa9ecb63d445745091aee6 The package @actbase/react-native-simple-video was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190816 Malicious code in @kvytech/medusa-plugin-newsletter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99033b798316d2e4a30d7900d30e42c8339263e325be24419a9856beb1623378 The package @kvytech/medusa-plugin-newsletter was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190756 Malicious code in @seung-ju/openapi-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f38aa15b9a4a24dec5d8ea17b00f0bcc9e7ba46386fd087b3a9fa569ade45a6 The package @seung-ju/openapi-generator was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190762 Malicious code in @zapier/browserslist-config-zapier (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5146756159d44339572781661307fc36bb08adb636158ee54628f774506ae47 The package @zapier/browserslist-config-zapier was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190746 Malicious code in @kvytech/medusa-plugin-product-reviews (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e7d8c065be2eaeb4187aed0dbe61de9f0f0ee2b51d61330d9211866dff01504 The package @kvytech/medusa-plugin-product-reviews was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190726 Malicious code in @ensdomains/curvearithmetics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e8d0412a2e09e5e875c436da127697b8fe370cc878272dc55216b4d6b16d13c The package @ensdomains/curvearithmetics was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190673 Malicious code in @posthog/rrweb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e7ff62f7afccd552b5eff3833fa122ace1a2f8ef6447e4b372673896063098f The package @posthog/rrweb was found to contain malicious code. Source: ghsa-malware 8278c73c0fa29817d8923864303d2e24c5a7bd038a9f8a2cae587329a3837cab...
MAL-2025-190649 Malicious code in posthog-react-native-session-replay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2487b6f3e3f9f2ef47f2509033fe071b332f5035e1e01320482eea928ae8a120 The package posthog-react-native-session-replay was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190647 Malicious code in @postman/tunnel-agent (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6961dafcc910bb7a6b1db8cb597068eeb85f973dcd669392354a7b614928dbf5 The package @postman/tunnel-agent was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-133421
Malicious code in teate-thy-sonic-cibi npm...
EUVD-2025-139249
Malicious code in nuyar-a-buya npm...
EUVD-2025-123929
Malicious code in pavo-bootes-capella-meissa npm...
EUVD-2025-116277
Malicious code in axios-despina-karma-duplex npm...
EUVD-2025-105726
Malicious code in dono-ragi93-breki npm...
Malicious code in codegrid-js (npm)
The package codegrid-js was found to contain malicious code...
MAL-2025-48891 Malicious code in final-osint (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e4fd0b958714b427b2b2c39e7afd8134f71fae10467ce32d52cffeb74ec716c2 Importing the module starts an infostealer exfiltrating e.g. browser data --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealer...