EUVD-2025-30107

Malicious code in bioql PyPI...

Malicious code in @art-ws/db-context (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 72aeba541e18c7562da7a71bea780fecdb34e6a64f033ee26245d2349ca786df Any computer that has this package installed or running should be considered fully compromised. All...

MAL-2025-47374 Malicious code in @art-ws/db-context (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 72aeba541e18c7562da7a71bea780fecdb34e6a64f033ee26245d2349ca786df Any computer that has this package installed or running should be considered fully compromised. All...

@art-ws/common (>=2.0.3 <=2.0.24), @art-ws/db-context (>=2.0.3 <=2.0.20) potentially affected by unknown CVE via @art-ws/slf (>=2.0.1 <=2.0.2)

@art-ws/slf NPM version =2.0.1, =2.0.3, =2.0.3, =2.0.20 Source cves: unknown CVE Source advisory: SNYK:JS-ARTWSSLF-12744479...

@art-ws/db-context (>=2.0.10 <=2.0.20) potentially affected by unknown CVE via @art-ws/common (>=2.0.10 <=2.0.21)

@art-ws/common NPM version =2.0.10, =2.0.10, =2.0.20 Source cves: unknown CVE Source advisory: SNYK:JS-ARTWSCOMMON-12744467...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...