10minions-engine (>=0.0.1 <=0.0.4), @0xr404/lol404 (>=1.1.0 <=1.1.6) +3362 more potentially affected by CVE-2026-45740 via protobufjs (>=7.0.0 <=7.5.6)

protobufjs NPM version =7.0.0, =0.0.1, =1.1.0, =1.0.1-beta.0, =0.0.2-beta.0, =1.0.0, =1.5.10, =0.10.1, =1.1.0, =6.0.0, =2.0.2, =3.3.2 and more Source cves: CVE-2026-45740 Source advisory: SNYK:JS-PROTOBUFJS-16657755...

org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44290 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)

org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44290 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643420...

org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44288 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)

org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44288 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643235...

Malicious code in 1mi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a68ec5fa97918431510ba9ef57d3d601738891094478b5ebf996a3eafa0cb960 This package masquerades as a Cloudflare Worker Telegraf middleware README: 'cfworker-middware-telegraf' but its main module unconditionally forwards...

MAL-2026-3672 Malicious code in 1mi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a68ec5fa97918431510ba9ef57d3d601738891094478b5ebf996a3eafa0cb960 This package masquerades as a Cloudflare Worker Telegraf middleware README: 'cfworker-middware-telegraf' but its main module unconditionally forwards...

Malicious Package

Overview firestore-types is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in firestore-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36f49fdc3a0333a330d1304e9ed3b86ba15d469d01211eb308e3af670ec718ee The package firestore-types was found to contain malicious code. Source: ghsa-malware 9fbe3c1ce15b13f945553f027e3d9181facdc632eb1c9d25a12c570a8fe859e...

EUVD-2026-1981

Malicious code in firestore-types npm...

MAL-2026-219 Malicious code in firestore-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36f49fdc3a0333a330d1304e9ed3b86ba15d469d01211eb308e3af670ec718ee The package firestore-types was found to contain malicious code. Source: ghsa-malware 9fbe3c1ce15b13f945553f027e3d9181facdc632eb1c9d25a12c570a8fe859e...

EUVD-2025-199166

Malicious code in @lpdjs/firestore-repo-service npm...

Malicious code in @lpdjs/firestore-repo-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 614b34b1f58e1d1c7bb2affcabf4ea2cc7954cf6d6f5c389b4d535101664531d The package @lpdjs/firestore-repo-service was found to contain malicious code. Source: ghsa-malware...

Malicious code in firestore-search-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d13c5bf9a90c4b5043c0ac86fea67792a3688c2d84fb39eb0f2cf28902fe2e78 The package firestore-search-engine was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199221

Malicious code in firestore-search-engine npm...

MAL-2025-191092 Malicious code in firestore-search-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d13c5bf9a90c4b5043c0ac86fea67792a3688c2d84fb39eb0f2cf28902fe2e78 The package firestore-search-engine was found to contain malicious code. Source: ghsa-malware...

EUVD-2023-3097

Malicious code in bioql PyPI...

Malicious code in firestore-stripe-invoices (npm)

The package firestore-stripe-invoices was found to contain malicious code...

MAL-2025-20598 Malicious code in firestore-stripe-invoices (npm)

The package firestore-stripe-invoices was found to contain malicious code...

Malicious code in expo-firestore-upload (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 265b76b510b5a24dcbc9d26be8211555349249589a6468e756c32680aebda977 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4435 Malicious code in expo-firestore-upload (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 265b76b510b5a24dcbc9d26be8211555349249589a6468e756c32680aebda977 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2023-6460

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this.settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this...