59 matches found
Malicious code in @squawk/navaids (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb4f88ca950b4d0ba1fb9666f866d8c742a9b0aeeb2657fadae9ed5dcd30359c The package @squawk/navaids was found to contain malicious code. Source: ghsa-malware 62f878f444def0ffdccd14f64cba4ee46bf960745aefb09d0c0ee16ed5ded86...
MAL-2026-2591 Malicious code in @pes-ui/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c86f728ffc679c2767dd34f810c998e9e7fa49098d757ee8a3ba6b050f1754f The package @pes-ui/components was found to contain malicious code. Source: ghsa-malware...
Malicious code in etsy-advocacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 954b1d4bfe5cfc54379a9fc61d30f5941755592aea62781a2a17e175d6eb38f3 The package etsy-advocacy was found to contain malicious code. Source: ghsa-malware ecd69e1f886e5959e3de00ca5b1235a1c05bef9098aab53be35030cb7b8e007b...
MAL-2026-1962 Malicious code in parsejson-pro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bee06fce3066f17a6400fc1800b42e5c53eeb9826bb9672cec6ad8ff65306807 The package parsejson-pro was found to contain malicious code. Source: ghsa-malware f2f105fb92bd66d0baadfb4bc605643a2eaff5cd51a4d565f82f61e4c0cb3a71...
MAL-2026-1500 Malicious code in @storylane/shared-packages (npm)
The package '@storylane/shared-packages' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in require-in-package (npm)
The package 'require-in-package' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in transform-spread (npm)
The package 'transform-spread' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-965 Malicious code in node-native-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc9503b92533dc98c475b75c09a1c40fcec67ad7b56c488b9677c0ff0740c4d2 The package node-native-bridge was found to contain malicious code. Source: ghsa-malware...
Malicious code in awsm-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86a8778a330765a0a4f5b15960d7bba1cf4ea76946cd4395eb239af31c497330 The package awsm-core was found to contain malicious code. Source: ghsa-malware ba13f4a6fbc556808377c1e17e991b77feb5d2d08af58861be6460732cfc3d9e Any...
MAL-2025-192555 Malicious code in cms_comp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7762e8867157bd05bfa8858e8f90ecd85ed0d6cf08c2435d264b9c61ad3420de The package cmscomp was found to contain malicious code. Source: ghsa-malware e58e38c37e8492486fd771954f0b1906c083a4dd5741600ca28a0bed5dd919a7 Any...
MAL-2025-192565 Malicious code in sdbao-content-sems (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 050ceeb8145a6cac66b0539a7be8d50c66979cd72b54055f3c49c0c40823fd6b The package sdbao-content-sems was found to contain malicious code. Source: ghsa-malware...
Malicious code in get-them-args (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1885f72a03b5b12ad9795b819da4d8cbd92b5985848b3f9a057afd389de5a8f8 The package get-them-args was found to contain malicious code. Source: ghsa-malware d70e3f04273d02fdaa9555197354a75aba13abe81a22763a353d47db93ce9b32...
Malicious code in simple-icon-maker (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d8809c0049ae5c8b8cd198cb99abd3b33d600799607d44fc77777f9b0a711eb8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @testcarrot/supply2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2c6b1ac7e0d732e96fb12ebfc09964c4e8a5a58fb8b0a2dc11dab3fad6c78359 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47953 Malicious code in oxrvxalllcaj (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c188f8718a360fffb7f5a032f1b21e428c2fc9542ab537b0acd0c602b28d3a0c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47883 Malicious code in com.unity.2d.spriteshape (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5338704c6d9ca480f0ecc214b07912ff6b325612a7335034d750a40bdaf5c4b3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pino-req (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2659b9b4bc1c25e48f12927e3b920f8b1eacccf6ddd951b110537a31a062ccf5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in bonnet-ltd (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90d8066c671e4c70fdd26ffc5ac6d901d34541c2cff4aaaf2c118c977078aec4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mediawave/lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f5728f228ecbe0dfd5db6afd530842107e9356201123b885d36418429c37ffbe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in client-authentication-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0d83929fbddd1bff9fe89b82702a66c79d3e1f6f0fe19baa7379b58472005ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...