560 matches found
MAL-2026-5103 Malicious code in @osamdefeirrighs/testhackfrrferrr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc1c3467aded71e3ee2e4dbb16bac4d9257a03410188ea98624a09a4263825c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5111 Malicious code in @redhat-cloud-services/chrome (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in private-next-instrumentation-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6453af923aa8f8a1c7ab67406fc29c333830e59f44ea080bbb5c3c6727e0aef2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5066 Malicious code in ethers-hash (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d77270819f9736bb8e5eaba898605cbe713dfaf9b06c2ad539aa29f77651aba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @service-user-notifications/set_refresh_interval (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b13124f8eaabc2481894f69a70d43e10c28911bd5e2ef7e23716ae26b1113f5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4841 Malicious code in @hcs-hybrid/uirouter-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27a0d7e172f9959faebfaed919369b4cd7a6321d9ae58986de045174908d431c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in int-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 369f6932b06597ffc51269a3c2634d158a10270a5c79eb9e4842818e8570c544 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4310 Malicious code in explorhub-ai-agent (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6608fa84304d8e7344518aab88e30f2b2a95aff43b2adbb664126857a14c5b45 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4343 Malicious code in wnba-parent (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61f696f0e2dd839f3a95ac5bfd9e38dd4b3910253ae2d56e79fe088a08519db1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in flow-parser-oxidized (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 656e2f1d3b8c65b9726bb52918453404799c461b0db5ae89061e6b740aa4862d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4239 Malicious code in etherjs-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 335b4f699510e2bb1171a9137655f6977d5554f508e612eab97b4239c1249be1 package.json declares a postinstall script that performs an HTTPS GET to an ephemeral pinggy-free.link tunnel URL...
MAL-2026-3824 Malicious code in parse-regex-string (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d7619f0cfdbd6c6bd09c366186aa4b333ed935b4bc33580097d598b3fc8bd5b The package parse-regex-string was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3797 Malicious code in dowload_ebok_stalking_jack_the_ripper_by_kerri_maniscalco_james_patterson_b529t (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1486e8a5f17dfc7a56252ff489f714a2ab7a0befd20da59b43d93d31f8587149 The package dowloadebokstalkingjacktheripperbykerrimaniscalcojamespattersonb529t was found to contain malicious code. Source: ghsa-malware...
Malicious code in @beproduct/nestjs-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eead7b1c6446924fec345e042b8bd966ea184deae755f876326cf99040f5f107 The package @beproduct/nestjs-auth was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3505 Malicious code in ts-dna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90ca06cbc068262aa930c182a5904cba8d5748f32663b648a0b78a183f4fe219 The package ts-dna was found to contain malicious code. Source: ghsa-malware a5660e49e1a2b3661bdf6ce230d7f75889675d5690086f7da2a2a04391dd13a5 Any...
Malicious code in deployment-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a1345a90cd18e2bfa245f91057cca34707e7d325f4318263176d9fbcef25c1a The package deployment-core was found to contain malicious code. Source: ghsa-malware eca5b6ddf4f0df1086d272518f3383c140b5641ecf506100d93a352e2135441...
MAL-2026-3283 Malicious code in temhe-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c9e5d48f36a9f7f2fd80c126d14811be70cc210a382e9edc85d3bc1c4c62968 The package temhe-dev was found to contain malicious code. Source: ghsa-malware 117ca92e4f6c30bab5d2538e054b527cadbd72387d055860a3baf428e279c116 Any...
MAL-2026-3265 Malicious code in @bcs-bank/common-constants (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c84c16934aaaeda86ed317c33795f796252ac98aaf9f39208575837332b372 The package @bcs-bank/common-constants was found to contain malicious code. Source: ghsa-malware...
Malicious code in internal-sys-audit-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24fa7464d076e1807141a149346864e59a44c3b8e2731c02e05c9d93d0dcf487 The package internal-sys-audit-check was found to contain malicious code. Source: ghsa-malware...
Malicious code in tailwind-text-fill (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe1d70f1253bacbb57d827b49a08cede06a039323a86af19cebaa08cefe2cbdd The package tailwind-text-fill was found to contain malicious code. Source: ghsa-malware...