Malicious code in hifromhere1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82931dc7313b2b9b93b8664655cbe445702e0fdcf1cc7e587b27758d2ef9cda1 The package hifromhere1 was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2662 Malicious code in @automation-toolchain/f5-cloud-libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bfc189949f1db0cdc70361f74210d6fe3f92c3e69ddad9491d9c7615465f9c6 The package @automation-toolchain/f5-cloud-libs was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in cw-isdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae10c11f397ea01855bd467e8a77fc7f7ccb97477c54bfee0bae46cd5c324ca4 The package cw-isdk was found to contain malicious code. Source: ghsa-malware 54e686b27022344685c371190035a9586a04498a711c2456bdd9b5644c43c833 Any...

CVE-2025-65827

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, inspect its contents, and modify the requests in transit. TThis may result in a total compromise o...

MAL-2025-191974 Malicious code in elf-stats-wintry-northstar-674 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b7bc183055d78b3145c502a959b208876ab67dcd3e5ccd1da2a97731914fa6c The package elf-stats-wintry-northstar-674 was found to contain malicious code. Source: ossf-package-analysis...

MAL-2025-42144 Malicious code in library.cycle.e (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73b010d9a667293958470880270b863c3eae2d00bdca71e08f3bddcbfd0947c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-41297 Malicious code in image-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d039c00b9a8017cedcf0b37cf3a3497b17065bfff2570e247e7245fd2f6b5a4f The OpenSSF Package Analysis project identified 'image-agent' @ 99.0.9 npm as malicious. It is considered malicious because: - The package...

MAL-2025-6882 Malicious code in web-bluetooth-spp-application (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bdbd2a9a0d851f1dae6e50f3c00e0b0839441f59b05d4e49f753afe278cd0ca9 The OpenSSF Package Analysis project identified 'web-bluetooth-spp-application' @ 2.0.1 npm as malicious. It is considered malicious because: -...

Malicious code in boss-eeeeeeeeeeeeeeui (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

Malicious code in advanced-korean-search (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

Malicious code in spotify-test (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-6325 Malicious code in webxr-input-profiles (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in pp-react-utils (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d146bfc260c9899fbca17ca2d9a3084b57ba2c8245e364316af0a3c9ed4a6153 Any computer that has this package installed or running should be considered...

Malicious code in mi-permission (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in dmpconnectjsapp-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d21050916c0e5222db92b8c6056e3a60fbf54f55cebefb5509a15453c20d68b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in architecture-viewer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4282b66b0052ca80f8717181dbf7b0b94e88433b9e37f9ae718531960f9ddcbd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in adyenaddon (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4954f0f5ce68df460bab2cdeec79f35ea8d3aa5eac320bf43ed08d72b1495d0d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in pages14.0.0_i18n (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eaed3f8870b4796bd4fc8667ec8911ddba466acaed945970ce6cf2f67e2630a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in whaletail (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

MAL-2025-504 Malicious code in instacart-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5184795ac94ad2980f5b2eef95d313e8d6a2d491d42d3d3158a901aaf92d0bee The OpenSSF Package Analysis project identified 'instacart-parser' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...