74 matches found
MAL-2025-192950 Malicious code in ing-feat-ui-image (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14224c001e46452a2945aa0f8597214b5f82350c3aeddc53076f9759ce948e18 The package ing-feat-ui-image was found to contain malicious code. Source: ghsa-malware...
Malicious code in bettermode-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cea8112bbccd7b047a03169d6591f7ab7f756044a4203b2435152fe708cad5d5 The package bettermode-icons was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-192606 Malicious code in sarumaan_a (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44f1d6e1dae6e429d4b5cffe6573928f3e9f5f816a3676747d786bce3c32d175 The package sarumaana was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in elf-stats-merry-cookiejar-987 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75fe8df281f1f2fce72e4cebd7dc37b97562bc7ca5bd5e5ac7da9d78d6e22cb1 The package elf-stats-merry-cookiejar-987 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in cbre-flow-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 947d73050012f020f6fdd2335ac7c8602c707fb84fb141fbfdd1e88a30ca3650 The package cbre-flow-common was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-190580 Malicious code in lululemon-b2b-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b05944949ea944b00cec776df6ca73a7d3cdb15f30d578047b75225e8c04cb45 The package lululemon-b2b-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in captcha-paypal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 358456d344b5a4b2a92cb9b9094bafcf797200b5a0b6549e46175fbbfff70fa4 The package captcha-paypal was found to contain malicious code. Source: ossf-package-analysis...
CVE-2025-64106
Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the...
Malicious code in shopifyql-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22c1e659f820da451cb67b3bf646d2511ccc31118a06138dbe97687430e7bbb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48401 Malicious code in supplychain-firewall-benchmark-hello (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 19af5203b034f6420f173bf6e45719afeb28ecfe359a8858cbe814fe3cd55d11 The OpenSSF Package Analysis project identified 'supplychain-firewall-benchmark-hello' @ 1.10.2 npm as malicious. It is considered malicious...
EUVD-2022-45207
Malicious code in bioql PyPI...
Malicious code in mahmoudtest (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 72d145d1c87ce8ee88e57350f32db7041f4a990fa68d1cba09cf285ef03959a8 Any computer that has this package installed or running should be considered...
MAL-2025-46924 Malicious code in advisory_db_toolkit (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6f9757e1ad29ad430d32886a0fcfa47e48a29e5e4af901f48e305216133028e6 The OpenSSF Package Analysis project identified 'advisory_db_toolkit' @ 99.99.99 rubygems as malicious. It is considered malicious because: - The...
MAL-2025-46937 Malicious code in monolith-twirp-support-helphub (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 97a64bd75388afe20d55befa04ed845034b1a467cace9204788c98fd29240024 The OpenSSF Package Analysis project identified 'monolith-twirp-support-helphub' @ 1.48.0 rubygems as malicious. It is considered malicious...
MAL-2025-41432 Malicious code in rncalltestapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6fc98db0c619f19a0f211657b4cb50fafbe8c2126e93956f356f5077b62d285d The OpenSSF Package Analysis project identified 'rncalltestapp' @ 5.0.1 npm as malicious. It is considered malicious because: - The package...
MAL-2025-41431 Malicious code in my-first-npm-package-1337 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 622f63f2210c8958193f9ce9c83001c67fc6cf798441e7235c0aa4c7f1efa82f The OpenSSF Package Analysis project identified 'my-first-npm-package-1337' @ 1.0.2 npm as malicious. It is considered malicious because: - The...
Malicious code in theme-rushstack-suite-nav (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 074f653dbf45333a4bcc8de28235ca35817a8f8c9e06e26b07010a325b039aa7 The OpenSSF Package Analysis project identified...
Malicious code in eslint-oldest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f80ac33a577e9ac06744364bddec668b736dd3e0f4a48d532c2dbdcb368e21b0 The OpenSSF Package Analysis project identified 'eslint-oldest' @ 99.0.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in sdp-transform-writer (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5a7fe67cbf547a37aaa2286e629788d404dbcc306a63bd6edbd4101513e27138 The OpenSSF Package Analysis project identified 'sdp-transform-writer...
Malicious code in @navancorp/ta-travel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 475cb3266e9f473c951bb35f87e31b76f08d312ee1916977eb7a125f339f7b7a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...