152 matches found
MAL-2026-4327 Malicious code in ts-relayer-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9f9e2000d1658b2543f1c5cbad624d62c9f64ee71f90282e774cb6222c4d857 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @gbrlxvii/ts-form-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a6e392f9939f227d4cee6ca815413961f271e9d22f33f7f0384a34c54d74223 On require'@gbrlxvii/ts-form-utils', index.js silently loads lib/perf.js inside a try/catch. perf.js immediately collects host fingerprint os.hostnam...
EUVD-2026-27530
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
Malicious code in dgxeon-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d41bea5fa12db95f82f32ef9f61f3e7dc60e7ef381589dff3780e758c19441f5 The package dgxeon-baileys was found to contain malicious code. Source: ghsa-malware 6c59d91ff6ae7727c79a7dfac9d7a7251193e519cf4f1f846a7368c1db065340...
Malicious code in shop-republik-ch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3fe1a756db5b61e6883fb43ab2f27fd56333e302ad597c4bb9f1743b1f19b6 The package shop-republik-ch was found to contain malicious code. Source: ghsa-malware b68c5977e45306e58eda4d2345cb1ac0eba178c179064471f3327a30915e6d...
MAL-2026-1531 Malicious code in syntax-decorators (npm)
The package 'syntax-decorators' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1201 Malicious code in mongos-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6580043c6aae1e9b2a53c9656a14b094f0e3b00ea7728457e4f2f2e46458358 The package mongos-api was found to contain malicious code. Source: ghsa-malware 7bf084b38089206dc3a1aea5fa3a424ca23992e8a695031b17b8a2bb85fd491d Any...
Malicious code in mysql2.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf03a68f80a8549d53b74c88dcddc103e1ba4941db706b05958b5a8afd7912b9 The package mysql2.js was found to contain malicious code. Source: ghsa-malware a62950456c9e80360128c446e77395618e0567734ef79c8d93f73aa0c1c45115 Any...
MAL-2026-522 Malicious code in magento-coding-standard-eslint-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 181566f148b6cac8ad613b2942849254b7a6968bbe5e16a9d009aaa8e4184b25 The package magento-coding-standard-eslint-plugin was found to contain malicious code. Source: ghsa-malware...
Malicious code in @afg-ikea/ikea-modals (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec5202678b3acce22244ccd41e821e68167ca297f94450cb3b5debeac9ec2c50 The package @afg-ikea/ikea-modals was found to contain malicious code. Source: ghsa-malware...
Malicious code in storage-types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2793f12e0ee779bcb14e4a4a5198059f576c8f832a64238e1584d6b2cd34209 The package storage-types was found to contain malicious code. Source: ghsa-malware 43db13077851634493e5c8eded5eb06487ff41dcb7dad90ab9a2e3101e14b323...
Malicious code in n8n-nodes-zl-vietts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2958734e09db17aba6589bb89622305f26fc83a16d475018b5ae88b694b9e4c The package n8n-nodes-zl-vietts was found to contain malicious code. Source: ghsa-malware...
Malicious code in theme-neutral (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9701381076541b8fbe448e03eb174cb40e2fd27237bfb442f219bf94911d035 The package theme-neutral was found to contain malicious code. Source: ghsa-malware 50a19fb9e329c206942de6cdd79f346a105320f4e71d0b652b154001b1dde8e7...
Malicious code in mixpanel-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b11bdefc18a5b590716cefe2036f1f759ccb42fd3c22c420ac524a479ff9f01 The package mixpanel-lib was found to contain malicious code. Source: ghsa-malware 03fe07795e21df3debb6abf06b5b47f19ddd7996e5be6b06d8dd07fa37e7cd2f A...
Malicious code in wifi-killer-xnet (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc233a0f06c7d7ecc69b5b2166295c9e8b63c8c05198355f8f80295907125e17 The package wifi-killer-xnet was found to contain malicious code. Source: ghsa-malware 98f1d50e89f69d69cfae05f464ddc4db1ea8e83fb48168cad1f75c87d4705a...
MAL-2025-192383 Malicious code in chai-uuids (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42324f1af790a75f6b7a0e081a7d97f1e299d3d3c8c815e37c594d0835ced4a6 The package chai-uuids was found to contain malicious code. Source: ghsa-malware 35cdb6e3e91aabd46ed85adb22b6972f688ae93b61f82f3cb8e2adb8f4294c48 Any...
Malicious code in typescriptjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6082397917a827f5633f57e4e1ab18b29257f511ac05859c4c27d6b632fae026 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48195 Malicious code in redirect-nixl3q (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cd2084ef33a02435f2b8aa0028983b0e47124d66f442e8241d323fe37176caf4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48233 Malicious code in redirect-xs13nr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1049bdaa947906b364017bb13767c04598a526833d572bdc908840a74996a93d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2020-22061
Malware in sbrugna...