46 matches found
MAL-2026-5406 Malicious code in ui-weave (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee5b1184b3208f8eee80df74c37c809f93461564a9226e1f82e1d551770d799a package.json declares postinstall: node lib/utils/index.js, which spawns a detached child process running lib/utils/smtp-connection/index.js. That...
Malicious code in codex-devcontainer-install (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8248bf278df1e89da484099e912cdf9f8659976469a219bee14a03e2755391ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5066 Malicious code in ethers-hash (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d77270819f9736bb8e5eaba898605cbe713dfaf9b06c2ad539aa29f77651aba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ts-schema-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d68e7e22dfa399a34405dd3c5824b27aa46ef7773d2bad7b4b698c77f17ccf1f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-2111 Malicious code in tailwind-font-inter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2cb39a969b06dada95f847c6d5fc21fd0cb38a37c6b38a6b60ef1ca439f2147 The package tailwind-font-inter was found to contain malicious code. Source: ghsa-malware...
MAL-2026-828 Malicious code in @reimorg/config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b715386d6331820f6ad234559c9b38d82c81bd4e0ff2ba695a8f509a4a0b9d81 The package @reimorg/config was found to contain malicious code. Source: ghsa-malware 01b3357726455a4a24aecc9b4255f7ea96cab434482b28a50e5d48f06e3cf1d...
MAL-2026-399 Malicious code in torbaileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10e4b08c935365c992a67e45fd75888de1262836188ca5a0246ba4bae988b713 The package torbaileys was found to contain malicious code. Source: ghsa-malware 477238eba8ca0f2c24ebb88b73089608a73fdc363b248e404b66acc829c0777d Any...
MAL-2025-192651 Malicious code in viktorparserctf5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 224c79dee4e3a36c67bd12a6cc3f0578d4eb4fe75dd92e3dde8aae08ce646fee The package viktorparserctf5 was found to contain malicious code. Source: ghsa-malware 49d2b2440876d75785bb3d21a9f41cb3226ab45155823ae19b472b367e993b...
Malicious code in ctfparsertna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52cd5612214cb1fd0ed34899c5e686c4fdbecb4a820e170a3589987c20b9b3da The package ctfparsertna was found to contain malicious code. Source: ghsa-malware 90b9a48b58422c5d9853769c983bd04388558c312be191e3bfd8a82158214d38 A...
Malicious code in prefer-object-spread (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24f3eb78b1232c6b636794710f52f1699237b0b29192397a63c0b1b307652154 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48773 Malicious code in add-module-exports (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c839bfd4379fee1d18fbca3447b73a811fda655fedf4480f2593d5d75149a421 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48336 Malicious code in mad-1.2.8.2.2.8 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f458f275324cf68bed67b3ae284456b3688dfd9634450c5a03f39552352ea625 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48166 Malicious code in redirect-gzkgcn (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e557f0c5b3c03d1de20da75558e56c4dbc781ccaf9659b76972081d5be8e552 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ipp-auth-service-tools (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54b42b5695779161ac5d3618b146cd263b9f17a9c1fe517abd5efff7b3ecdc97 Any computer that has this package installed or running should be considered...
Malicious code in secure-r007k17 (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbd04d692c36ca50563b6dbb1de8053730817b3f74b9e23389dd90505621062a Any computer that has this package installed or running should be considered...
Malicious code in parabol-action (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d82468091c3a867fd7981eef0555f14edc29822f932782c0fac1bf9e67a15d7e Any computer that has this package installed or running should be considered...
Malicious code in fc-card-overview (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52e92e70129fc8f9de1f5052d516f6fd499edcfc902e3f08c68db8c3ea792448 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in unipig (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd7ac3cdec95558ed3e5a4e37325f492860d532de1cb8c3013e53a21ee441ffc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in arena-plm (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f794e10373e988ac142e6dcebe8943efb8a623a7c9db9bee70ce592ef1e5746 Any computer that has this package installed or running should be considered...
Malicious code in fatfingers-hahayeet33 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c493777df023436a0434514b500e7841fce42e9f56e3c4249ec74ee0db2dc9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...