CVE-2021-33448

An issue was discovered in mjsmJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is stack buffer overflow at 0x7fffe9049390...

Malicious code in sort-imports-es6-autofix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20061f2672fcbe82b13ab8e09c629d93991ef45200bb30c7bf9a1dc78cbb4230 The package sort-imports-es6-autofix was found to contain malicious code. Source: ghsa-malware...

Malicious code in vite-plugin-es6-compat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3963df81ab545839d03c3c54ab9ee88549e38a44b32fe6ad05002d554da780b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48915 Malicious code in vite-plugin-es6-compat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3963df81ab545839d03c3c54ab9ee88549e38a44b32fe6ad05002d554da780b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in vite-babel-plugin-es6-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19412e443845747fa7d9b029fb4b869a17e57e3fc01783407a17684f0e1ad1d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48322 Malicious code in vite-babel-plugin-es6-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19412e443845747fa7d9b029fb4b869a17e57e3fc01783407a17684f0e1ad1d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-33736

Malicious code in vite-plugin-es6-babel npm...

Malicious code in vite-plugin-es6-babel (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 04fac94db34a750bac1ae88f46269718450d383d01b84a102872d0a2f6748918 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2021-20149

Malware in sbrugna...

EUVD-2021-0844

Malware in sbrugna...

EUVD-2021-20152

Malware in sbrugna...

EUVD-2021-20141

Malware in sbrugna...

EUVD-2021-20153

Malware in sbrugna...

EUVD-2021-20146

Malware in sbrugna...

EUVD-2023-33022

Malicious code in bioql PyPI...

MAL-2025-47740 Malicious code in vega-morphcharts-test-es6 (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in @yoobic/jpeg-camera-es6 (npm)

Suspicious postinstall script executing bundle.js and the presence of unsignedbitwisemathexcess YARA rule match indicates malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38de35c3ae3f0f156a77b94484f3774c14c293d3e37531ec74c8277fde1ad5c7 Any computer that has...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

MAL-2025-19813 Malicious code in es6-prmoise (npm)

The package es6-prmoise was found to contain malicious code...

MAL-2025-19811 Malicious code in es6-demo-react-npm2 (npm)

The package es6-demo-react-npm2 was found to contain malicious code...