MAL-2025-3051 Malicious code in @hongfangze/proc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f03a11e4b797bafcba512ee070a89bb308a5c0822ca5da8a5c5b580d8269c326 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3055 Malicious code in @hongfangze/string (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91ee35af30acd3517cea9a097e00846a80a50fb6888854e7356c5175841b91d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3032 Malicious code in @atulrv1day/unusedpackage (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 77df872b6f487ff391d16643aa0a160f89d08f54054931319a0bdb4bc172aaf1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3061 Malicious code in accountlifecycleserv (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16f34b0df0c6872e171130fd0bc4e705f393a5c3a6160b222dab34564f599b92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in niji-react-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6b0f37153a7862a4b1e5abd871385e93b6535a8bb834f03fc9bb83b9e7be6640 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3081 Malicious code in niji-react-textarea (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db947d966d8d0b7be248b2cc89616fdf14c8a5f7b2d6c7ca11dbfebe6e851914 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in airbnb-dls-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d026d9563a73efac2558b2cf71cd6696600aecb85004606ba3dd3a87100bad0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in nemo-dast-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38ea0189209023ae2d04586bfbc3d791022f0fa6052dee65ec03832a80ce67a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3059 Malicious code in @nationalgeographicsociety/ngsui-core-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c79788b32fb541eecf3d0b0268cd2e201328ab9caf252358c1f9106c193acf3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3071 Malicious code in mahesh.dojo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c8bce47a87fb6050b1d2865e5c616c2b3deaaed0cd8b0346e0ede24ecd94371 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3058 Malicious code in @nationalgeographicsociety/ngsui-addons-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d522cf6892b9363520f72cb2c024bbcf7d63238df065658694ca622082b1be9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2025-14510 · Jenkins +1 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.503 and earlier Jenkins LTS versions 2.492.2 and earlier Description: A missing permission check in Jenkins allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent,...

PT-2025-14511 · Jenkins +1 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.503 and earlier Jenkins LTS versions 2.492.2 and earlier Description: A missing permission check in Jenkins allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gainin...

MAL-2025-3030 Malicious code in tap-hook (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38014122a47ebabc0283f0c580225739db6f224a32ff0efcd2654bb06b9f87b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in keypair-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 568ba985579400ab47e546c13e36f6e7d3ff6e81d4411918b10eee2f384b349c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3027 Malicious code in keypair-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 568ba985579400ab47e546c13e36f6e7d3ff6e81d4411918b10eee2f384b349c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in saur-states-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ea1a784370593280b753e8399646e784b8943d916746c457cec2ed388edb8b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3026 Malicious code in yass_eal_abcdef_ssdsf_dsfsf (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9708c11d4bdfb0c8887d90f2cd1def69498544a363191b5f3ca7b3bbeff52b88 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3023 Malicious code in saur-design-sys-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38ce332406d603c2b916dbfea623aeb47ea1355d2785e4a18802cb36346bb86e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in agentbse (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cbc1a3323e35cbce1ddc24ab20a734247f6aaa56a638b8a7eb30c49b18e4278f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...