74 matches found
Malicious code in google-webfonts-helper (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ba7d8c4c4151033fdccecb7ed439075f6c8eb39490462dd7b25aac68d2a22482 The OpenSSF Package Analysis project identified...
Malicious code in formatjs-internal-intl (npm)
Source: ossf-package-analysis 93108c8da3931417e2009ddb17d45ffd86062e129a805a7ff62f3361780fd2d6 The OpenSSF Package Analysis project identified 'formatjs-internal-intl' @ 1.0.0 npm as malicious. It is considered malicious because: - The...
MAL-2025-5249 Malicious code in nstmrt-stf-api (npm)
Source: ossf-package-analysis 0da052c315a64ad23ddcebd853a91fc2f81597d0cd587326b5f7554911cc9d73 The OpenSSF Package Analysis project identified 'nstmrt-stf-api' @ 1.0.10 npm as malicious. It is considered malicious because: - The package...
Malicious code in raise-http-server (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware ec0703ba285b347d94b33a68fa9cf671e9118ede49585fc79f8716d46574e04a Any computer that has this package installed or running should be considered...
MAL-2025-4664 Malicious code in new-presentation-api (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 542a173ba956753bc3d1570cb407b09ae92c7d5690bfacf0aa1bc2aa01f94990 Any computer that has this package installed or running should be considered...
Malicious code in ort-web-template (npm)
Source: ossf-package-analysis 3e179ffca16c7ee28162f57656f14612c34005f447e5f557edc742a4dd9120e6 The OpenSSF Package Analysis project identified 'ort-web-template' @ 100.100.1337 npm as malicious. It is considered malicious because: - The...
Malicious code in document-inference (PyPI)
Source: kam193 0519099776ddb5cbd1778fa5f043a1cad34d94d5116ae895120aba38608e7eb0 Packages that seem to be created by a legit bug bounty hunter. Designed to look as if created by different organisations, they contain a couple of data...
CVE-2025-44866
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
Malicious code in n11-chatbot (npm)
Source: ghsa-malware 1a368f528c1eb4b3da0f52628aed3b3e5ca54083842086c30a70a91d1110a3cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ESRI ArcGIS AllSource Untrusted Search Path Vulnerability
ESRI ArcGIS AllSource is an intelligence analysis application developed by ESRI. An untrusted search path vulnerability exists in ESRI ArcGIS AllSource, which can be exploited by an attacker to execute malicious commands...
Malicious code in cros_infotest_1 (npm)
Source: ossf-package-analysis d49ce8fd236e1053b560be3f562809f285f0a971956a6466386bb6be5df13de7 The OpenSSF Package Analysis project identified 'cros_infotest_1' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in snap-kit-react-native (npm)
Source: ghsa-malware 591274c196648c43d806cc38ac33a04319ff82c5c4c9b1028590552c1fe4a841 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @aoflmkt/app-call (npm)
Source: ossf-package-analysis 7ceabbeb0d20f6267c8883498e7c31aa52148eff458969a12d2397d930978d85 The OpenSSF Package Analysis project identified '@aoflmkt/app-call' @ 100.100.106 npm as malicious. It is considered malicious because: - The...
MAL-2024-11234 Malicious code in adminconsole (npm)
Source: ghsa-malware 88480db379ccb5378aada30388162f00d8033acb86b62e8d2e490533646c4a4d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in finn-pulse-init (npm)
Source: ossf-package-analysis 8556cda5df574e7c339a9e910f83692fefe384dd8c3c1107fafd270c8057a170 The OpenSSF Package Analysis project identified 'finn-pulse-init' @ 1.0.7 npm as malicious. It is considered malicious because: - The package...
MAL-2024-10740 Malicious code in spirvls (npm)
Source: ghsa-malware bba9fe6fc980865e5643c34c0726f1a0f4fddf0e445aa865036b6024d56026b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in arkoselabs (npm)
Source: ghsa-malware 16b2091fae4c54db03b3115cf52717160432074803439f716332ff9c35482ba7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in atg-superagent-retry-delay (npm)
Source: ossf-package-analysis 75f0747e74a5e0a7d519918b8aceef9e8f4f9eaa0ad1854c1954276bb1c5166c The OpenSSF Package Analysis project identified 'atg-superagent-retry-delay' @ 100.100.100 npm as malicious. It is considered malicious because:...
Malicious code in @the-c-company/common-utils (npm)
Source: ossf-package-analysis e18cae6ce0c3de2fe7988c316471f5383433deaa0e8b9bf0376b69b634188218 The OpenSSF Package Analysis project identified '@the-c-company/common-utils' @ 1.0.0 npm as malicious. It is considered malicious because: - Th...
Malicious code in marvinjs (npm)
Source: ossf-package-analysis 965b7b4455eec757889260ad7d11671ee747f1d78f5ccca323303d223f246c43 The OpenSSF Package Analysis project identified 'marvinjs' @ 5.5.6 npm as malicious. It is considered malicious because: - The package...