MAL-2026-4336 Malicious code in webservices.rest-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c9c78a4d0c87def69bbc5337e41a730e7ca6ae898426759915f053dc584581c package.json declares both preinstall and postinstall hooks that execute index.js, which exfiltrates installer data to a base64-encoded Cloudflare...

Malicious code in babel-6-compatibility (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8087b9d84c49b5f44fe119e347d1fe658395eb8af859209bcf8884716692229d The package babel-6-compatibility was found to contain malicious code. Source: ghsa-malware...

Malicious code in gamma-api-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0c08011b9300cb8b734d3d0bebc12d47ba78173fd7bb3b676459217b0c2d367 The package gamma-api-provider was found to contain malicious code. Source: ghsa-malware...

Malicious code in ofjaaah-auth-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 680db6543dbee7ec4f8cfe557fc5c76a13bb684b7faeec4e6e2582c0d89ecdf7 The package ofjaaah-auth-module was found to contain malicious code. Source: ghsa-malware...

Malicious code in wdk-pricing-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c93fe5d1e216edcbf2fbabc1a210e2d2265a37dc038caa8477fee167dfd2f6b0 The package wdk-pricing-provider was found to contain malicious code. Source: ghsa-malware...

MAL-2025-48925 Malicious code in ews-paze-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 919f20823a98370aeff343ebdedbd1f86353649a1f852ec6c5ef7314925970d4 The package ews-paze-toolkit was found to contain malicious code. Source: ghsa-malware 60989a72103601dc11b185549de7abb4bdb1442776d790dab1945d25b5ab27...

Malicious code in redirect-shqv6v (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51b4e79ff7698297acecee22b28fce7722c6c7173e739ee265fae8cc583dee68 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in sync365 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2003136f074fe6e477c1a6a3458258fb4a9b375093b0520cafc082e4ff537f39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ve-vores (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dcef286db1ecd73863ccb186a0860866493f59111555883f1eeea823933a163f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @bmw-fedev/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aaf1cfd96aa6434cb73b22f2e38fda0979e7847fff11c575bd67ea8e2f09c8f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in bithumb-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 486276686eda2f4f675b363605d7e934f7665dfbca8a85f49d8b76a801f7ce43 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in lyt2tn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 312173873c2fb333f42e0058f026f798ef0dcceb5b80ba8f4d34f8ccf71c0a20 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ava-ilable-down-load-mp3-today-2017-64747-near-to-the-wild-heart-of-life-n5sic-lqeaui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1eb2e3b8cb8e76a52b3c084dd367ab850cb06532d4dd602e38805bd4838655dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in down-lo-ad-now-zip-mp3-7514-tapestry-fqgk2-jvvwtn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e313ea5904ea6421f91d9c6bd2eec5d8a7571283640ee280aa882e8eb90fa44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @diotoborg/quod-similique-iusto (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dfacda54c4e260f73c671cefedd4ba06cfc06fc063a800ab5e73fe566d73baf0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @diotoborg/incidunt-odio (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d5286c9fb5698bb87e2bd6bc31058c902bf0323a0d70d926986b5c5eb0a7748c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @diotoborg/officia-labore (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 265ae1d962fb5f3a65be2a3fa5be19458ada059dc3595364f339fe68292b810b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @zitterorg/officiis-eveniet (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 033b2ce322c540a8d105ce2c43f0294a25860439c44de4a0f87016b6b6ccbd29 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @zitterorg/nemo-atque (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d9c1da21e7f18856e39379c221e5cc6b4d82f0d1ff647120db0b4e5a4396d5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @juiggitea/quod-voluptatibus-molestias-modi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 757fcc48a2d8bf16a4025910d6ded04f0aa457e61a0c4b175e318f19d67694f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...