1732 matches found
MAL-2026-1564 Malicious code in transform-es2015-spread (npm)
The package 'transform-es2015-spread' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1403 Malicious code in tradepmr-fusion-core-drzak (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c349b8764d0420102fac6617d31810af64e670f6939bed61097a46458ab41c4 The package tradepmr-fusion-core-drzak was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1332 Malicious code in mui-path-imports (npm)
The package 'mui-path-imports' is part of the PhantomRaven supply chain attack campaign Wave 4. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1305 Malicious code in collab-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 827bba21aab2fb6ac088e0ab66d2d6ce16a9edcfb26736c85c5d9c8488019b21 The package collab-library was found to contain malicious code. Source: ghsa-malware aa4043d376077e02719a8d768bb1e2631de6c69525ebd948ed92102f617adc9c...
MAL-2026-1270 Malicious code in @wgu-edu/wgu-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d26d12da6d55658bcd129c71b6cd484c74498f993ec35f2219f69b6b8018ccee The package @wgu-edu/wgu-icons was found to contain malicious code. Source: ghsa-malware...
Malicious code in imhuman-fw-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04a81e9c61dcf38b54d4e0ad070050a4817a509858f0f56725074b54c24288a1 The package imhuman-fw-logger was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1251 Malicious code in pear-apps-lib-ui-react-hooks (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 325efdb6f86d5a55bf6cf0630f6fc6be87fbe387047929a31e4e5e55a8ea6cdf The package pear-apps-lib-ui-react-hooks was found to contain malicious code. Source: ghsa-malware...
CVE-2026-22886
OpenMQ exposes a TCP-based management service imqbrokerd that by default requires authentication. However, the product ships with a default administrative account admin/ admin and does not enforce a mandatory password change on first use. After the first successful login, the server continues to...
Malicious code in @twilio-client/twilio-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d655ae7b2eb263b5d3c630c72182a60a7012272acc57f1816eb73fd1c9119a97 The package @twilio-client/twilio-client was found to contain malicious code. Source: ghsa-malware...
Malicious code in @global-dax-ad-platform/dax-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93ad3965eea87837397d655bd3d3cdd0ccefdbc65747460981af49ea2296dd2e The package @global-dax-ad-platform/dax-utils was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1170 Malicious code in @global-dax-ad-platform/dax-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93ad3965eea87837397d655bd3d3cdd0ccefdbc65747460981af49ea2296dd2e The package @global-dax-ad-platform/dax-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in @global-dax-ad-platform/dax-modules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8eb4c0cce0e997a5ceaf51dd24ec685c500bbfe904265afdce79bb5b2f7e0033 The package @global-dax-ad-platform/dax-modules was found to contain malicious code. Source: ghsa-malware...
Malicious code in openclaw-droid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f44b4e03b9d39603b2f92afff328117f480b35edd9fa3b64b40d6175b3432906 The package openclaw-droid was found to contain malicious code. Source: ghsa-malware a9462b166b838e565ac3aeb11533c69cb1168a95efc54468c0ed81628d080281...
MAL-2026-1157 Malicious code in token-discord-encryptation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c8f046fd4903192eb3de371ca4df10734635758b721d7cf2827f9df6f84f0d The package token-discord-encryptation was found to contain malicious code. Source: ghsa-malware...
Malicious code in xpack-subscription (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62edc6bb089c839e93cf7b71b8b46ca1f5d064272cac586b49cda41fc40b1c19 The package xpack-subscription was found to contain malicious code. Source: ghsa-malware...
Malicious code in ts-big-number (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 644a6ea1bec80a1e6f2dd3ee69a62602237f916e6b2877e126e18d8ef5b7f691 The package ts-big-number was found to contain malicious code. Source: ghsa-malware 490d5033b9169ec80de58a0c2bb8bdbfe435f06200e0b7cc729ce393f2449d40...
MAL-2026-1109 Malicious code in jsnwebapptoken (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae3c045f3e6ca79915965788d10accc663e97bacc01fd6d94baa9bf781c38a0c The package jsnwebapptoken was found to contain malicious code. Source: ghsa-malware 26490b6a28e0b832aa5d386d750166e3cab2c2eb776706c9cf05fa16757758c6...
MAL-2026-1105 Malicious code in daytonjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64164959c731481a5fc4117f26a4e9716c24483ac92839fc7945131c96232801 The package daytonjs was found to contain malicious code. Source: ghsa-malware 2961273f0dc9c6f1bc13bb7c4e47797f2eae23dc3dfcafbf3f58984225127c16 Any...
Malicious code in dgxeon-soket4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c38e017a1a49fe2e8fa61441a0f35d77a1b7052475fffefecca2fa4248a54c58 The package dgxeon-soket4 was found to contain malicious code. Source: ghsa-malware 1efad9e444be88f0b8912153564d4feb2b0dff3063ec3bb5f0750731faec1057...
Malicious code in dgxeon-soket2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 833766a284022eb1ea516ee081a4cec3c5153b1bbec222238d7e676876acf10c The package dgxeon-soket2 was found to contain malicious code. Source: ghsa-malware d7bc58675189e4ecaf6f63610f5f5a05aebb80d0f3cb8bd1247fc9876a7bd13b...