44 matches found
Malicious Package
Overview foundry-config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-4466 Malicious code in @weirdorg/config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28e2fe6ac03c8e426aeb69f62bf0b2bd4dfdb06a5acee273bb5967186c5504d @weirdorg/config impersonates the widely-used config node-config package, copying its README verbatim including the require'config' usage example. Th...
MAL-2026-2590 Malicious code in @op-microfrontends/config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18abaf512437e5aec3a133779781406b8817f9085988e6179c886f014ee96ef1 The package @op-microfrontends/config was found to contain malicious code. Source: ghsa-malware...
Malicious code in eslint-config-ppf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7cc85236d3cad46c2333a3252ffd8e3b96ae35f96a4ea2a4cb801d17c4e07390 The package eslint-config-ppf was found to contain malicious code. Source: ghsa-malware...
CVE-2006-1844
The Debian installer for the 1 shadow 4.0.14 and 2 base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges...
Malicious code in @lessondesk/eslint-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ef9fcb377fe99dad0e34ec63a5ac929adfc5d8be48e49d330d4785e1d2a6a7f The package @lessondesk/eslint-config was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198938
Malicious code in @posthog/nextjs-config npm...
EUVD-2025-115075
Malicious code in config-ophiuchus-karma-centaurus npm...
EUVD-2025-111880
Malicious code in lacerta-backend-soap-eslint-config npm...
EUVD-2025-124405
Malicious code in node-config-non-blocking-meissa-middleware npm...
EUVD-2025-112068
Malicious code in juno-yaml-neptune-node-config npm...
EUVD-2025-120155
Malicious code in yakutsk-postgres-tool-node-config npm...
EUVD-2025-112573
Malicious code in impulse-dotenv-parse-variables-jest-node-config npm...
MAL-2025-140644 Malicious code in chalk-jest-nestjs-node-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ab344fb3ee584eae4df856234f3fd3843fd7aa00e09dcf066ce25fce9a0fe3f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-112897
Malicious code in heka-quito-pipe-eslint-config npm...
EUVD-2025-115787
Malicious code in callback-transform-zenith-node-config npm...
EUVD-2025-113903
Malicious code in eslint-config-promise-jest-winston npm...
MAL-2025-48498 Malicious code in internal-config (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in @hestjs/eslint-config (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43db3cfefa88993ac8bb063a14e25b560d13c5aa8a2af7472f72b2adb2043cd8 Any computer that has this package installed or running should be considered fully compromised. All...
@10xsai/cloudflare-router-nx-plugin (=1.0.0), @akanjs/config (>=0.0.4 <=0.0.34) +167 more potentially affected by CVE-2025-10894 via @nx/js (>=20.0.0-beta.0 <=20.9.0-canary.20250415-bc685ce)
@nx/js NPM version =20.0.0-beta.0, =0.0.4, =0.0.47, =0.0.1, =0.0.2, =0.0.4, =0.0.9, =0.0.0, =1.0.0, =1.0.0, =0.5.0, =0.4.1, =0.4.6 and more Source cves: CVE-2025-10894 Source advisory: OSV:GHSA-CXM3-WV7P-598C...