Malicious code in bettermode-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cea8112bbccd7b047a03169d6591f7ab7f756044a4203b2435152fe708cad5d5 The package bettermode-icons was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-192606 Malicious code in sarumaan_a (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44f1d6e1dae6e429d4b5cffe6573928f3e9f5f816a3676747d786bce3c32d175 The package sarumaan_a was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in elf-stats-merry-cookiejar-987 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75fe8df281f1f2fce72e4cebd7dc37b97562bc7ca5bd5e5ac7da9d78d6e22cb1 The package elf-stats-merry-cookiejar-987 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in cbre-flow-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 947d73050012f020f6fdd2335ac7c8602c707fb84fb141fbfdd1e88a30ca3650 The package cbre-flow-common was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-190580 Malicious code in lululemon-b2b-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b05944949ea944b00cec776df6ca73a7d3cdb15f30d578047b75225e8c04cb45 The package lululemon-b2b-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in captcha-paypal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 358456d344b5a4b2a92cb9b9094bafcf797200b5a0b6549e46175fbbfff70fa4 The package captcha-paypal was found to contain malicious code. Source: ossf-package-analysis...
CVE-2025-64106
Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the...
Malicious code in shopifyql-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22c1e659f820da451cb67b3bf646d2511ccc31118a06138dbe97687430e7bbb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48401 Malicious code in supplychain-firewall-benchmark-hello (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 19af5203b034f6420f173bf6e45719afeb28ecfe359a8858cbe814fe3cd55d11 The OpenSSF Package Analysis project identified 'supplychain-firewall-benchmark-hello' @ 1.10.2 npm as malicious. It is considered malicious...
EUVD-2022-45207
Malicious code in bioql PyPI...
Malicious code in mahmoudtest (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 72d145d1c87ce8ee88e57350f32db7041f4a990fa68d1cba09cf285ef03959a8 Any computer that has this package installed or running should be considered...
MAL-2025-46924 Malicious code in advisory_db_toolkit (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6f9757e1ad29ad430d32886a0fcfa47e48a29e5e4af901f48e305216133028e6 The OpenSSF Package Analysis project identified 'advisory_db_toolkit' @ 99.99.99 rubygems as malicious. It is considered malicious because: - The...
MAL-2025-46937 Malicious code in monolith-twirp-support-helphub (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 97a64bd75388afe20d55befa04ed845034b1a467cace9204788c98fd29240024 The OpenSSF Package Analysis project identified 'monolith-twirp-support-helphub' @ 1.48.0 rubygems as malicious. It is considered malicious...
MAL-2025-41432 Malicious code in rncalltestapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6fc98db0c619f19a0f211657b4cb50fafbe8c2126e93956f356f5077b62d285d The OpenSSF Package Analysis project identified 'rncalltestapp' @ 5.0.1 npm as malicious. It is considered malicious because: - The package...
MAL-2025-41431 Malicious code in my-first-npm-package-1337 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 622f63f2210c8958193f9ce9c83001c67fc6cf798441e7235c0aa4c7f1efa82f The OpenSSF Package Analysis project identified 'my-first-npm-package-1337' @ 1.0.2 npm as malicious. It is considered malicious because: - The...
Malicious code in theme-rushstack-suite-nav (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 074f653dbf45333a4bcc8de28235ca35817a8f8c9e06e26b07010a325b039aa7 The OpenSSF Package Analysis project identified...
Malicious code in eslint-oldest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f80ac33a577e9ac06744364bddec668b736dd3e0f4a48d532c2dbdcb368e21b0 The OpenSSF Package Analysis project identified 'eslint-oldest' @ 99.0.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in google-webfonts-helper (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ba7d8c4c4151033fdccecb7ed439075f6c8eb39490462dd7b25aac68d2a22482 The OpenSSF Package Analysis project identified...
Malicious code in formatjs-internal-intl (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 93108c8da3931417e2009ddb17d45ffd86062e129a805a7ff62f3361780fd2d6 The OpenSSF Package Analysis project identified 'formatjs-internal-intl' @ 1.0.0 npm as malicious. It is considered malicious because: - The...
MAL-2025-5249 Malicious code in nstmrt-stf-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0da052c315a64ad23ddcebd853a91fc2f81597d0cd587326b5f7554911cc9d73 The OpenSSF Package Analysis project identified 'nstmrt-stf-api' @ 1.0.10 npm as malicious. It is considered malicious because: - The package...