74 matches found
MAL-2026-5132 Malicious code in rookie-security-test-pkg (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1af47f1485c4c5bd3c6ee3cb7330781c1892ebc8bea1c59b0a0045c49ab8c93d The OpenSSF Package Analysis project identified 'rookie-security-test-pkg' @ 1.0.0 npm as malicious. It is considered malicious because: - The...
MAL-2026-3304 Malicious code in apcyber-test-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4386e2b20fb74fe5b131a23550b9550b4539a3f79056ea8ad08f502453409737 The package apcyber-test-package was found to contain malicious code. Source: ghsa-malware...
Malicious code in @allyfinancial/allyfinancial-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 274ff2ac2c7d1051fa268e63d390bb70d6b731bcdaebb94f87251067b62d37af The package @allyfinancial/allyfinancial-api was found to contain malicious code. Source: ghsa-malware...
Malicious code in eslint-plugin-skyscanner-dates (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fa3152c92c23ebec42990f14c77642de971e5a5464b0e7c25ecdea012ac81e4 The package eslint-plugin-skyscanner-dates was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3199 Malicious code in blackbeards-navigator (npm)
Four pirate-themed npm packages blackbeards-navigator, beusy, sirens-lament, gunpowder-ghost were published by the npm account beusy with heavily inflated version numbers 209.0.0–210.0.0, a hallmark of dependency confusion attacks. Each package contains identical malicious lifecycle scripts...
Malicious code in @m0ntana/app.web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ffd5d049b453ec288428ae1c5b369effbc0397e753720aeb3900a746bb83519 The package @m0ntana/app.web was found to contain malicious code. Source: ghsa-malware b7fdecb35a1116b81d1340d7d6cc748a050b4dde46beb279a40f6e049955ca...
MAL-2026-2869 Malicious code in arlo-meeting-assistant-rtms (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f5f17c482aef8ac270cf630fe452dacc79acbeb0b473ffd0ac640769e1a0fb6 The package arlo-meeting-assistant-rtms was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in expeewas (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bcb3aafc860058ba4e9a64c6fa7dba85b7df72d68971ef7c673245e4ac02820f The package expeewas was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in partner-tracker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf0b992863c06f797a9dddef6a493b0391094c9a2ae31fec47e961dd1afdf562 The package partner-tracker was found to contain malicious code. Source: ghsa-malware cfd28d767cd7e0db43c5c52d0b219663552acd6a5f60a34795736624c5cb612...
MAL-2026-2429 Malicious code in vv-ftend-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3096bbbc1b06c1a0df854ff812112a3d902b8a5c8926880c146f8b36e8497897 The package vv-ftend-core was found to contain malicious code. Source: ghsa-malware 31aa4449ee3c83b67dd8e118498746b83b9b02e0d8fe6c095f6d08f6c7a9b62e...
MAL-2026-2296 Malicious code in bos-decoration-elements (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cb5985779c5099333bec5b084b209c36dea0dd9fa47ef2c2d7c3630c33daaa5 The package bos-decoration-elements was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2010 Malicious code in yelp-react-component-badge (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abec06c903f4139ed298b19b96521401231e6bd0cc306e5e7015d971d5a4260a The package yelp-react-component-badge was found to contain malicious code. Source: ghsa-malware...
Malicious code in @adamallana0909/apple-research-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d8bddd202efdf484dda4f9ff697fb7eab0e1227f76c736d92e6af21a85b89fe The package @adamallana0909/apple-research-test was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1037 Malicious code in get-fonts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d55d952f3fb507a89362a1535e7cf7d781b6f26e82c7130ca008af612bfddf4 The package get-fonts was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-837 Malicious code in notification-saved-search-settings-podlet (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2059b78866965dce7f68bf358485c0f98eeb6c9befcf4455115c5d8623013e7f The package notification-saved-search-settings-podlet was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in test-on-other-again (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c2b4e18e26bfe221e4ebcdaa18a271ea746bee1977c35172726fd753a923897 The package test-on-other-again was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in pay-by-bank-dashboard-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20c58f9aa900a5052fd440dd0a9a3e3ecb345fb4fee2be527b5af385485ee224 The package pay-by-bank-dashboard-server was found to contain malicious code. Source: ghsa-malware...
Malicious code in mapkit-example-vanillajs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5930ccf1bb06110abd9daaa0441059f428ee853e926572c4c9416ba959401d53 The package mapkit-example-vanillajs was found to contain malicious code. Source: ghsa-malware...
Malicious code in do-not-install-this-package-002 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dc0f1ed2645f37e4b8df59ccca64288a02f6cc07009489c54565dfc5b0089f19 During installation, the package exfiltrates env variables and data from different process memory to a remote location --- Category: MALICIOUS - The campaign h...
MAL-2026-193 Malicious code in cko-ui-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bd7dceb0840c7e96ac7bbc186b43c5a28941546823b4a13888aad0870a5aaa9 The package cko-ui-toolkit was found to contain malicious code. Source: ghsa-malware 06a8bb4e74769e572fe928f5f3fa63fb6ebda995375148b063d1730c43c4dc06...