118 matches found
Malicious code in hellowornd (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e9b9637d126bc60120f015b0af88898fae5cf613a015fd572ab74d2554e6d7f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @43uh3ig43/telemetry-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37d4a096b834c0d9acdddefee09b0c6cb4d8c6f68513b2ebb4ec88424f491e89 On npm install, the package's preinstall, install, and postinstall lifecycle hooks all invoke telemetry.js, which collects host metadata OS,...
MAL-2026-3814 Malicious code in @zentrafinance/sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95b69f41a2a81d2acb41f5d3282c7db06d5c90f40918246184ddec6e878c5ecb The package @zentrafinance/sdk was found to contain malicious code. Source: ghsa-malware...
Malicious code in carbonite-internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fec002c13bf1ef1b49658e5dc490ca30515cf414294154827adadab04cbc234 The package carbonite-internal was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3334 Malicious code in fanduel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2d9b4e8ab1ef054d5774929963bc61b004f7914e48179850c51f77e67410a41 The package fanduel was found to contain malicious code. Source: ossf-package-analysis 49d980743cd761f6fb629d32e14864e720d1269e4208ec9e0f075c5e9f6eb4...
MAL-2026-3306 Malicious code in bpmn-studio (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74f940a81cf83fdce38d48caa8f864ae59438b6854a16c28b78c618441be28d9 The package bpmn-studio was found to contain malicious code. Source: ghsa-malware c4094042484c2fe0da68df30936b7782a5624bfd8c82d3ed8759a3ce66440a61 An...
MAL-2026-3196 Malicious code in react-dnd-14 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fa1ee45bae09f53b3ad9f05448438098f0561c4b694a22360be9d4fa4e86b3d The package react-dnd-14 was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2981 Malicious code in @bmg-web/bmg-button (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b59b2c3d1c98e7a5f4faae9549ed4f302c9273e1efeaee63e70f3013300327c2 The package @bmg-web/bmg-button was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @bmg-web/bmg-ajax (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9d0060c1d5029ed1bcb3ed00c20e6a283a930b13d6e93072cebb3e97e45b78d The package @bmg-web/bmg-ajax was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2560 Malicious code in @b2b-portal/uch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89eb419e1f7beb102007973e2d226cb2cb5f534096cbc2be8dc538324f3f19db The package @b2b-portal/uch was found to contain malicious code. Source: ghsa-malware e559f0d2d934ad98bda8c11ca6613644ecf3f2584bee7e75c7edf59ecda35d3...
Malicious code in @thiagoemmanuell/unhandledrejection (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c7b0d7b4bc457f62d681b55f8cd95c7759ad36fd6565ff2e3e0dd95a0faca97 The package @thiagoemmanuell/unhandledrejection was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1584 Malicious code in wn-idv-persona-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77973c6ca0ba60bf7105d4250b88b0fd7b3304dd3fe9ead1072912d8e724b21f The package wn-idv-persona-client was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-39 Malicious code in spire.officejs-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d5bc6046960bccab3120bb794cc2c868fa2bb41e0d35028f39e2e9ca9033a80 The package spire.officejs-common was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-190588 Malicious code in @ra-ftds/ra-flourish-design-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f72b65d4ce1abb0b35aca62b21968c19b6e8e99ec60962be31a4179ba5f22bec The package @ra-ftds/ra-flourish-design-tokens was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-49364 Malicious code in supply_chain_supplyer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffb82b4b36d6e82b7dff16e757aab9bf7ffce58bcd579bd38ad7cdd98da4c3e5 The package supplychainsupplyer was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in vulnerability-test (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in ajna-rewards-snapshot (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a5ea81a48c03116271d6cc0fb54220dcc73b51b0ad8f01543f45365ec51c1de3 Any computer that has this package installed or running should be considered...
MAL-2025-48693 Malicious code in internal-links-autocomplete-id (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in hyatt-album (npm)
Malicious package does system info exfiltration, arbitrary code execution via install scripts, and a suspicious version number. The package communicates with a domain associated with malicious activity...
Malicious code in hyatt-residential-roster (npm)
Package is malware. Collects and exfiltrates sensitive data to an external server. Suspicious install scripts execute the same script multiple times. The package communicates with a domain associated with malicious activity...