384 matches found
MAL-2026-5049 Malicious code in @lir-portal/web-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6cc9f2fe6ad0219df5db208b736cb45305b7e7062ec9d66a3316427e050989f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @limebike/supreme-date-pickers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c82e94fac384ea6891e5aea99635ab429663e321502acbbc9eaaf81864e0d5e On npm install, both preinstall and postinstall hooks execute index.js, which collects the installer's hostname, all non-internal network interface I...
MAL-2026-3585 Malicious code in @uipath/vertical-solutions-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76957e857334423d0c1f4100218bb5856183968cc9475481adecdf97eac57796 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/resources-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 740339e7d1f42f7f163cbe965322c0e9438ae7efd05a29fbd4cc161e6fe5a5f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3441 Malicious code in @squawk/fix-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 624b956af551986dc49e0004c6e0c804f3b48f57216b63bb5784c9c236e866da The package @squawk/fix-data was found to contain malicious code. Source: ghsa-malware b47010b41e9098203e9d382c36292a5bfa3c32741fbc916a9a9935f9975fc8...
MAL-2026-3495 Malicious code in @tanstack/vue-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 23dd073c586a2dad28ee9957fd8a3059bcbb261fbbb6a17e3b99a7145158ef8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3169 Malicious code in frank-newton3-db-final (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a69c1c519dbe289ed217a75f1a31ace9b850acdb7df6cdadd95ca68f879f1d The package frank-newton3-db-final was found to contain malicious code. Source: ghsa-malware...
Malicious code in ui-utils-udhay-alerts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed8bd73e0d75fbda0ce08b97273d9ed56f21e9bc0967b05541013a944c85f3c0 The package ui-utils-udhay-alerts was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2605 Malicious code in kaltura-ngx-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33934fb6026f53c4e012992591edb1038036a17c485afca8e8fb3e40083a44ce The package kaltura-ngx-client was found to contain malicious code. Source: ghsa-malware...
Malicious code in babel-plugin-blocks (npm)
Malicious package due to data exfiltration via test, preinstall, and preupdate scripts in package.json using wget to send data to webhook.site. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 679960b444e4781d7276df8692808a4bc4507d29aefe943ffe4d3dfb35dcc141 The...
MAL-2026-2319 Malicious code in base-or-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2deff4ab9db147fda78b79b3687e76c9d46381670c58924f03f852518002a649 The package base-or-engine was found to contain malicious code. Source: ghsa-malware d6d4b7d60db50af8f8a9614f9ac0a742cf6472998e11e6233c6190b518332958...
Malicious code in express-session-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3beac16c32c8776482bafbb2ad95b50b7b18bf6e93fbf712238f60a4d7ae363d The package express-session-validator was found to contain malicious code. Source: ghsa-malware...
Malicious code in @airtm/uuid-base32 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5843013e1c89122451c17ec535f73c4e36dc3596c32522dd9b03bbb68637c4f3 The package @airtm/uuid-base32 was found to contain malicious code. Source: ghsa-malware...
Malicious code in kyxhiagent123 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cbb459239a25561ab1236b8a8a65a78c2a6e4a3d8a1d6108e765bb00f30bc3f The package kyxhiagent123 was found to contain malicious code. Source: ghsa-malware 49504d4323ce1499bf13802068f8105487c66e05b4f7a31f6a2209820ccf08ba...
MAL-2026-1550 Malicious code in syntax-export-extensions (npm)
The package 'syntax-export-extensions' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1391 Malicious code in @dinzid04/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e75cf71f0ce959b1ec335f4481db2cc423250422c02e9bf33d40e12b6f541760 The package @dinzid04/baileys was found to contain malicious code. Source: ghsa-malware...
Malicious code in test-logsmodule-v-zisko (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6f59f2c34febf5b71ba7f6912540619742de8815167ecc99397fe9b5b9eced9 The package test-logsmodule-v-zisko was found to contain malicious code. Source: ghsa-malware...
Malicious code in pearpass-lib-vault (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9729170ea50dd87efd7011a6f482d6ddae18cb1c53f5fd755c3ce10f9e23448 The package pearpass-lib-vault was found to contain malicious code. Source: ghsa-malware...
Malicious code in corp-build-utils-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 862b2e0a8f0028f96ee10ab1a7c8ea0fc397169634a9473a09865a173c483c92 The package corp-build-utils-poc was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1188 Malicious code in alpha-replicator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 813b40640376929ec6b2c1eac05da3cf3248e3ad74ea5f28ec2c6770a81b039d The package alpha-replicator was found to contain malicious code. Source: ghsa-malware 2a31df37c5505c0c72366c3a25757305201aa2db41da2a774157074244006a...