7 matches found
MAL-2026-5295 Malicious code in coolbox (PyPI)
Source: amazon-inspector c55bfdad112134e980af7568a9138be1e4b940f7bfbeebad2b0f85d9337a0f44 The wheel installs coolbox-setup.pth, a Python path-configuration file that Python auto-loads at every interpreter startup any python invocation...
Malicious code in @redhat-cloud-services/remediations-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-3938 Malicious code in @antv/g-plugin-canvaskit-renderer (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2025-191356 Malicious code in @voiceflow/natural-language-commander (npm)
Source: amazon-inspector bcffcb39c546d02117506c26844a1fddcedc61f18cd934b27642817c62189437 The package @voiceflow/natural-language-commander was found to contain malicious code. Source: ghsa-malware...
Information Disclosure
nx is vulnerable to Information Disclosure. The vulnerability is due to malicious package versions containing code that scans the file system and collects credentials, which allows an attacker to exfiltrate sensitive data by posting it to GitHub under the victim’s account...
MAL-2025-47389 Malicious code in @nativescript-community/ui-material-bottom-navigation (npm)
The package was compromised and malicious code added. Source: google-open-source-security c1599f8fe4dad02bc9f083f9d6c3af166818ba3a80e2bb13c37a4052f581b81c This package was compromised by the Shai-Hulud NPM worm. The malicious payload steal...
MAL-2025-47380 Malicious code in @art-ws/openapi (npm)
The package was compromised and malicious code added. Source: ghsa-malware 95bf1ca6cf44627c0e79bccad94ab171021ece601814ac65cc70d055d925a3f0 Any computer that has this package installed or running should be considered fully compromised. All...