15467 matches found
Malicious code in npm-demo-1112 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 997173ec7aa479e3f57733838a8d8923cd42b2a9b272936ae7798a8f3c7f3699 The package npm-demo-1112 was found to contain malicious code. Source: ghsa-malware dd67ca28466b78c5da65f0a98c71b3e3243c90641b4de5d7ccc3215dbb1a33e4...
MAL-2026-1443 Malicious code in es-lint-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cb77bc53967094108e0dec0e00ddd13bef1d74b3482d959c28c4fc13753cd49 The package es-lint-builder was found to contain malicious code. Source: ghsa-malware e4f62649e3a09df9cabfd19d23538447b0d8762de9506c23c5b27c4a6882967...
MAL-2026-1442 Malicious code in bignumber-tool.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81863c7d661d7e537eb4cafb3e74ae83b61483b4617c03f6a4283d34ce651102 The package bignumber-tool.js was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1444 Malicious code in graphql-request-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12e85257ce18204d98a8a6181fa40a75d7feb91477b98f6b86ba89223a9f4e51 The package graphql-request-dom was found to contain malicious code. Source: ghsa-malware...
PT-2026-25785
A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route set user policy rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to launch the attack...
Malicious code in transform-dynamic-import (npm)
The package 'transform-dynamic-import' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in proposal-typescript (npm)
The package 'proposal-typescript' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1554 Malicious code in typescript-validation-schema (npm)
The package 'typescript-validation-schema' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1530 Malicious code in styled-components-a11y (npm)
The package 'styled-components-a11y' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1500 Malicious code in @storylane/shared-packages (npm)
The package '@storylane/shared-packages' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1512 Malicious code in undeclared-variables-check (npm)
The package 'undeclared-variables-check' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in typescript-react-query (npm)
The package 'typescript-react-query' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in transform-typescript (npm)
The package 'transform-typescript' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in pear-wrk-wdk (npm)
The package 'pear-wrk-wdk' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...
MAL-2026-1514 Malicious code in declaration-block-no-ignored-properties (npm)
The package 'declaration-block-no-ignored-properties' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2...
MAL-2026-1416 Malicious code in twitch-security (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f99261d9b844b178048388c92a488b23fa3bf806bbedbcc40108cb97f0b7087 The package twitch-security was found to contain malicious code. Source: ghsa-malware f46d2713d7df72180db5cb77dcd0cefbbffa8baa5a245e376ab250a84d29fc2...
Malicious code in pulsard-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5088b269cb089b9b077cf5a13f9b00cbb8d01375276ce1e2f1c99fc7154a46be The package pulsard-utils was found to contain malicious code. Source: ghsa-malware ff1030d82dfca7d7403806e0bd8ba645d25cddd141cb5480664a6555f2d441d7...
Malicious code in brlc-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4e1d5bf92d7953e1333f3d575ad749dc56b9914ae64813b2e9753a0718a2882 The package brlc-base was found to contain malicious code. Source: ghsa-malware c50e966389745dbbf1f8c81e6b0e19db8d01502091437c4148cde8991e9e314d Any...
Malicious code in @depro-tech/cortana-md (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ab02cdce682fe76e6709fc00a3df615b366f38ed30270f635ddca7b122275fc The package @depro-tech/cortana-md was found to contain malicious code. Source: ghsa-malware...
Malicious code in @sky-it-livedata-libraries/livedata-commons-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23622be0c1860486eed767780c0a0de0a46b5b0a736cd99a08ecba95fd57c411 The package @sky-it-livedata-libraries/livedata-commons-client was found to contain malicious code. Source: ghsa-malware...