490 matches found
Malicious code in tailwind-clamps-line (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 091842cb2bfe94e715b2bfec88b04625ea3350097c037d2b172483905633c20e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4316 Malicious code in internallib_v95 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 446fa224122b28950a2a22289bd7a9bf4a29861cde218c495651e1e58da37176 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in explorhub-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 156c492a22f3ae2339a227b3fc1e30bf19ca34e641b031fd2790af69807d0881 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4282 Malicious code in prompt-engineering-toolkit (npm)
Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...
MAL-2026-4240 Malicious code in ethers-multicall-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe5e969b4ca41dbbd6ef1c04c12d48906ea4477b39493e766045effd4939d748 On npm install, the package's postinstall script spawns node -e to run an inline childprocess.execSync that curls a binary from...
Malicious code in mrgn-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e0d991ca84319ea7151b66ece28c7cfe860d1523b6926f63a60d13d7b96dded Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in hardhat-core-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b62021752710dce40c5fa0491b2c8e75454d25ee7e80bd15e3b5a99ace923ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3657 Malicious code in chai-as-streamed (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fef1582aa7fb15599bd48e6f077be4d1a577d3916cf2c2650893f0406ede8ea3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3485 Malicious code in @tanstack/solid-start-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4905d7bb1a4d6f69ec73fe4cc8fa958262fcab1397fed5725ac39db447f6239a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3481 Malicious code in @tanstack/solid-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79e1b5cf7bf19cbf81420be17e5aad851d9f2e2943848f3a4b295e2ed7a8ed2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/react-start-rsc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54678e0e02befdbc43f928e36fa9a25991d3eb222775849d4225eab0480904f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in deployment-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a1345a90cd18e2bfa245f91057cca34707e7d325f4318263176d9fbcef25c1a The package deployment-core was found to contain malicious code. Source: ghsa-malware eca5b6ddf4f0df1086d272518f3383c140b5641ecf506100d93a352e2135441...
MAL-2026-3268 Malicious code in @bcs-mi/store (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32fb1f804a47c0e11e62bab82cc978af199c0517a91965fb2bfd34f226237d34 The package @bcs-mi/store was found to contain malicious code. Source: ghsa-malware cc97afe6281e170826ea8ad4c189a9d5bb874fe69ca97da0e2bbdf327e33ba91...
Malicious code in apple-internal-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ae120f182e305f15d778dfe594aa3f79076b93b5bd4be77f293fdf08c5e12a The package apple-internal-config was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3019 Malicious code in hls.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96d28bd3e78b3ca60b3356380f0d7931659606c2b5def5865480d838ad21a0b3 The package hls.js was found to contain malicious code. Source: ghsa-malware 04b58b7f11fd42610f3056d4bc9aa84804d2ab9e657d7b84771cec1efe363ba9 Any...
K000160944: Axios NPM supply chain attack MAL-2026-2306 GHSA-fw8c-xr5c-95f9
Security Advisory Description Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer ma...
Malicious code in npm-doc-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a8ae6448e13630c5243e98e1794e9b2f57b0e999d4c31687f0db0f1665496f9 The package npm-doc-deploy was found to contain malicious code. Source: ghsa-malware f7938c30cf6da645723648c4c43979c97d7c006933fb24ccab60154f1cc5d084...
Malicious code in chatbotloader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78643cb5d37687c0eac0935734bac95f23c01b64ded6bb2f2f090542324042ac The package chatbotloader was found to contain malicious code. Source: ghsa-malware 88ccdb3c34d69b2e53f62caa6b7e61f32e7868fa5893d6fd6d09662189d10b34...
Malicious code in ms-affiliate-links (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 341048b16926b4d40796ca96aef3816934a2b84602c26451638154b6d90ab5d8 The package ms-affiliate-links was found to contain malicious code. Source: ghsa-malware...
Malicious code in stats-api-js-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a84f9d7eef71d2b99a244ec63f5144ad80a0084e6c20fc903a1bbce208ad9777 The package stats-api-js-client was found to contain malicious code. Source: ghsa-malware...