Malicious code in cooler-loans-api-get (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4bf5016290eaec4debcd0e35dda5e684927f8e80c05f9ca16252c71ea8cca6de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @eqder/bird (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7acc999c2ea175e62266081a166ad731b10ac9621b965f28186121fbece6a1bb The package @eqder/bird was found to contain malicious code. Source: ossf-package-analysis...

MAL-2025-48946 Malicious code in @eqder/bird (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7acc999c2ea175e62266081a166ad731b10ac9621b965f28186121fbece6a1bb The package @eqder/bird was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in haedal-vaults-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4cdc575f935d62b37b17082181381a8002b5784fedda1dfc854ef2f74f39edf6 The OpenSSF Package Analysis project identified 'haedal-vaults-sdk' @ 1.6.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in stopme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0c64e2664020a21b1ba2591990d854c1b1f8e37b00d8e6bc91f1e8703d5f9416 The OpenSSF Package Analysis project identified 'stopme' @ 17.0.0 npm as malicious. It is considered malicious because: - The package communicat...

MAL-2025-48547 Malicious code in stopme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0c64e2664020a21b1ba2591990d854c1b1f8e37b00d8e6bc91f1e8703d5f9416 The OpenSSF Package Analysis project identified 'stopme' @ 17.0.0 npm as malicious. It is considered malicious because: - The package communicat...

Malicious code in integration-date (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a2e54fa8253e6821f9fb22a4f137efeb0d32a0b8836faefa95df004781dfce8e The OpenSSF Package Analysis project identified 'integration-date' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in npmrunnode-fetch-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 74027deb8f96cb586a9b82484dbb7818ccfbbfdd2147a05fdae660aad4211e53 The OpenSSF Package Analysis project identified 'npmrunnode-fetch-test' @ 1337.1.0 npm as malicious. It is considered malicious because: - The...

MAL-2025-48529 Malicious code in npmrunnode-fetch-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 74027deb8f96cb586a9b82484dbb7818ccfbbfdd2147a05fdae660aad4211e53 The OpenSSF Package Analysis project identified 'npmrunnode-fetch-test' @ 1337.1.0 npm as malicious. It is considered malicious because: - The...

MAL-2025-48528 Malicious code in canary-ng (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 74897d1cb26c40f57347ed1208575b63c7c1feb3a92ea2bef8bc84db2700bd8a The OpenSSF Package Analysis project identified 'canary-ng' @ 1337.1.0 npm as malicious. It is considered malicious because: - The package...

CVE-2025-60507

CVE-2025-60507 describes a cross-site scripting vulnerability in Moodle GeniAI plugin (local_geniai) version 2.3.6. An authenticated user with the Teacher role can upload a PDF containing embedded JavaScript. The system outputs a direct HTML link to the uploaded file without sanitization, enablin...

MAL-2025-48463 Malicious code in shopifyql-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22c1e659f820da451cb67b3bf646d2511ccc31118a06138dbe97687430e7bbb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in saifulhhacker.site-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 799872f05cf82512e4778c79a96861577979b541fd1ef8d98740eb4a7a8e0c16 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48462 Malicious code in saifulhhacker.site-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 799872f05cf82512e4778c79a96861577979b541fd1ef8d98740eb4a7a8e0c16 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in iwf-ant-design-draggable-modal (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b9b3eeea0f26e99c27bbddc1d9e0940e5787aed77004f10d056d9fb1ded4dd8f Any computer that has this package installed or running should be considered...

MAL-2025-48457 Malicious code in src_dev-tool_index_ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6c5f130294b305df1adf1e497c66d81ec09ddeffb8bb6d0c486644336706558 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in src_bootstrap_index_ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb71b0fdc460dc56a61d68833f900a43ed10f7bb2eb8ca4d2065f9a700baa7be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48455 Malicious code in src_bootstrap_index_ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb71b0fdc460dc56a61d68833f900a43ed10f7bb2eb8ca4d2065f9a700baa7be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48458 Malicious code in src_plugin_index_ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 396cc58d08775057aef35e59ad51a28c7379449f6f00332d193138ff8b9de09a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48456 Malicious code in src_core-instance_index_ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb33619d23821086dfbbc0d7c6b5a0e7012d4d9f94f2779bc5a4a195496868ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...