28 matches found
MAL-2026-2261 Malicious code in monolith-twirp-pullsd-repositories (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1c34eecc811d04d6583504ad631024a727df5e2107a1025a2786bf8a56a59d3a The OpenSSF Package Analysis project identified 'monolith-twirp-pullsd-repositories' @ 1.0.10 rubygems as malicious. It is considered malicious...
MAL-2026-1426 Malicious code in @3stripes/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cf6f6a1fb0e79c716386545df6b4a1e4df689bf6b35e741c28150cc3fad072a The package @3stripes/common was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in dc-web-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b4a9ee6e67e1a649fe34c92b180cb1de89af4ac592d918fd7806dcc7aeccb53 The package dc-web-app was found to contain malicious code. Source: ghsa-malware eb1d0c37e10d0f166990673f475cf3b1686c9f8b8ffd25199d48e3ddc45edb85 Any...
MAL-2026-49 Malicious code in diskho (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d03f656f5769803487abac8cada65f7f7a80d04ecbb9c39633408b2c48a157b5 The package diskho was found to contain malicious code. Source: ossf-package-analysis b944051826f01c581baeba101564a1e463b08dc5ba4353b9598eff67ebddc9f...
MAL-2025-191476 Malicious code in atlassian-praz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 06798e3c48471c4e66160030618f78c51d71d2a7660c5545648cf7902b3eecd4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-190591 Malicious code in @ra-ide/extension-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a7aa2bba6ddffad751c19fd8291861f53b9994814f0cecb8925b7c2d5c87ae5 The package @ra-ide/extension-ui was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in naftis (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb1f0b6ee3c57373a787813a9b3df26e367df1e7f1601d9986d58a352c48fa49 Any computer that has this package installed or running should be considered...
Malicious code in dex-creator (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a45a7bed266fa05cf91945ed835fdf225abff89dd8dcde90c90dc769b04e15e3 The OpenSSF Package Analysis project identified 'dex-creator' @ 2.0.0...
MAL-2025-41818 Malicious code in azure-service-bus-emulator-node-sample (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 871b655dee4c193ddb7e1b7be9e6a50920aa93049ffc2e663d74a7a5cc79ebff The OpenSSF Package Analysis project identified 'azure-service-bus-emulator-node-sample' @ 10.0.1 npm as malicious. It is considered malicious...
MAL-2025-41881 Malicious code in @espace-client-axafr/popin-footer (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in @hoyowave/jsapi (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in my-internal-util-alpha03 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e5226a39e582ae7182e19ff891ade0e29cd6e15705fa87bd0bd0757a8a0796c8 The OpenSSF Package Analysis project identified 'my-internal-util-alpha03' @ 99.9.10 npm as malicious. It is considered malicious because: - The...
Malicious code in slack-astra-app (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-6328 Malicious code in triple-equals (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d65cc69dec9f320438a4209e4c952480d78b96c779a019b6a09c04499b9e3edc When imported, the package attempts to exfiltrate environment variables and basic user info --- Category: MALICIOUS - The campaign has clearly malicious intent...
Malicious code in groq-mcp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f310f1669db9ce74e36d92085a6a67098f7c0ee086d8da5998b709d565a3fe12 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-3788 Malicious code in f0-flow-resolver (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c42aceb0889ce5fb0fad4c698354a5a1df80d9432c36717c49a273f233cc9cf2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3084 Malicious code in daos.fun (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6981bbd2419a973811f38b35a5dcf95ec496a17e132d0d95f86314cfb32cd914 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in battleships-player (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7f55e61730d5debfe618f877b3d6dc9b51670a3d2a036da104e18c94f35041b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1517 Malicious code in quickwit-ui (npm)
This package runs commands on import that exfiltrate sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac59f539efc4d8596e823182d97cdc7a461e965894dec0aabb807585cd5c92ea Any computer that has this package installed or running...
MAL-2025-1515 Malicious code in @starkgate-v2/web (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd18cb51b9bfc804c264ad648ce51fda4711022cb95ee99b35e70739222662ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...