3 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Malicious code in @dtpk-cc/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0b1e4b6fe7f3d42a2752aea1642dd9191f6afeb4dcca96ef97a65b5af5cb192 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-14188 Malicious code in airbnb-es5 (npm)
The package airbnb-es5 was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 8210336cb16ae6428e936268a05b3f57769d39cfc48cbe662870575dc1faf80b This package installs a dependency hosted on a custom domain that runs an info...