EUVD-2025-116728

Malicious code in andromeda-config-eslint-alphard npm...

EUVD-2025-30109

Malicious code in bioql PyPI...

MAL-2025-47372 Malicious code in @art-ws/config-eslint (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7b89332826cb57152a8288941846a48e6ecb1d8d979bf641a288f740c34a0b99 Any computer that has this package installed or running should be considered fully compromised. All...

Malicious code in paleomagnetism-config-eslint-terraforming (npm)

The package paleomagnetism-config-eslint-terraforming was found to contain malicious code...

@bitrefill/airfill-widget (>=4.2.2 <=4.8.3), @chialab/rna-cli (>=2.2.0 <=4.0.0-beta.22) +94 more potentially affected by CVE-2024-21528 via node-gettext (>=0.1.2 <=3.0.0)

node-gettext NPM version =0.1.2, =4.2.2, =2.2.0, =2.2.0, =0.9.1, =1.1.2, =4.1.0-alpha.1, =0.0.4, =5.2.0-alpha.13, =5.2.0, =1.0.6, =1.0.17, =1.0.3, =4.1.2, =2.0.0, =2.3.1 and more Source cves: CVE-2024-21528 Source advisory: OSV:GHSA-G974-HXVM-X689...

GHSA-PV55-R6J3-WP94 Malicious Package in eslint-config-eslint

Version 5.0.2 of eslint-config-eslint was published without authorization and was found to contain malicious code. This code would read the users .npmrc file and send any found authentication tokens to a remote server. Recommendation The best course of action if you found this package installed i...

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...