47 matches found
Malicious code in npm-rce-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6365312ad1339c7d5539f594b9e472ea3f10401fa356fe49766de887368e87c9 Package declares a postinstall lifecycle script that, on npm install, fetches a script over plain HTTP from a hardcoded bare IP...
MAL-2026-7019 Malicious code in npm-rce-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6365312ad1339c7d5539f594b9e472ea3f10401fa356fe49766de887368e87c9 Package declares a postinstall lifecycle script that, on npm install, fetches a script over plain HTTP from a hardcoded bare IP...
Malicious code in date-fns-lite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4694a079d83e33dcee7f87140c41737009d9f0b19f351c23f2ae3dbce9a47a51 [email protected] presents as a lightweight date-formatting utility but ships a malicious postinstall.js that runs automatically on npm install. T...
Malicious code in date-fns-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae8c5ce8aaa40b0479646a8cd09a5a83b803e857a64de372621002edcb2e27cd The package date-fns-scripts was found to contain malicious code...
MAL-2026-1704 Malicious code in date-fns-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae8c5ce8aaa40b0479646a8cd09a5a83b803e857a64de372621002edcb2e27cd The package date-fns-scripts was found to contain malicious code...
EUVD-2025-199030
Malicious code in stat-fns npm...
Malicious code in stat-fns (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5395e07a1f1a743d77d42495c7eaf08cb0ced22a0b0883b53b5adf78beef28a The package stat-fns was found to contain malicious code. Source: ghsa-malware 6c2e197e85b015babcf3a2073e3f76b980a3ae924a49a20d9c1648c610d7d3c0 Any...
Malicious code in format-fns (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 526920f308cc3493a6a3bc9f9e6c7869e0d79392a5ad4c3d20853f93c1be3347 The package format-fns was found to contain malicious code. Source: ghsa-malware a2305cdbb291326c8e91c15e88648a66dff9f0cdcee605ff604ec85ef226b91a Any...
MAL-2025-149903 Malicious code in format-fns (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 526920f308cc3493a6a3bc9f9e6c7869e0d79392a5ad4c3d20853f93c1be3347 The package format-fns was found to contain malicious code. Source: ghsa-malware a2305cdbb291326c8e91c15e88648a66dff9f0cdcee605ff604ec85ef226b91a Any...
Malicious Package
Overview format-fns is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
EUVD-2025-120002
Malicious code in format-fns npm...
EUVD-2025-31070
Malicious code in bioql PyPI...
EUVD-2024-43392
Malicious code in bioql PyPI...
CVE-2025-57351
A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adversaries may inject arbitrary properties int...
Prototype Pollution
Overview ts-fns is a Public Functions. Affected versions of this package are vulnerable to Prototype Pollution via the assign function. An attacker can inject arbitrary properties into the global object's prototype by supplying crafted keys, which may result in application crashes, unexpected cod...
algeb (>=1.0.0 <=5.4.0), anys (>=0.0.1 <=9.0.0) +37 more potentially affected by CVE-2025-57351 via ts-fns (>=0.0.11 <=9.3.2)
ts-fns NPM version =0.0.11, =1.0.0, =0.0.1, =0.0.1, =1.1.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.2, =9.0.0 and more Source cves: CVE-2025-57351 Source advisory: SNYK:JS-TSFNS-13109930...
algeb (>=3.0.0 <=5.4.0), anys (>=0.0.1 <=9.0.0) +32 more potentially affected by CVE-2025-57351 via ts-fns (>=0.0.11 <=13.1.3)
ts-fns NPM version =0.0.11, =3.0.0, =0.0.1, =0.0.1, =1.1.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.2, =9.0.0 and more Source cves: CVE-2025-57351 Source advisory: OSV:GHSA-G7WQ-WGGW-VMHG...
GHSA-G7WQ-WGGW-VMHG ts-fns has prototype pollution vulnerability
A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adversaries may inject arbitrary properties int...
CVE-2025-57351
A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adversaries may inject arbitrary properties int...
CVE-2025-57351
A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adversaries may inject arbitrary properties int...