424 matches found
@hocgin/ui (>=4.0.43 <=4.2.13), ame-miniapp-components (>=1.4.10-beta0 <=1.6.3-beta1) +5 more potentially affected by unknown CVE via react-adsense (=0.1.0)
react-adsense NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-adsense and may be impacted: - @hocgin/ui =4.0.43, =1.4.10-beta0, =0.30.0, =2.0.3 - hello-tea-js =1.0.0 - jie-web =1.0.0 Source cves: unknown CVE Source advisory:...
MAL-2026-3998 Malicious code in @antv/gatsby-theme (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +108 more potentially affected by CVE-2025-15599 via dompurify (>=2.5.4 <=2.5.8)
dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...
Malicious code in gatsby-plugin-antd (npm)
Source: amazon-inspector 1db5c29950300909f2a9571826a482e10a6ce45dae9529f28ad87ddc2b98119b The package gatsby-plugin-antd was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191396 Malicious code in gatsby-plugin-antd (npm)
Source: amazon-inspector 1db5c29950300909f2a9571826a482e10a6ce45dae9529f28ad87ddc2b98119b The package gatsby-plugin-antd was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199366
Malicious code in gatsby-plugin-antd npm...
@amorist/gatsby-theme-antd (=1.0.0), @antv/f2-site (>=4.0.0-4.0.0-alpha.3.0 <=5.0.1-beta.0) +25 more potentially affected by unknown CVE via gatsby-plugin-antd (=2.2.0)
gatsby-plugin-antd NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on gatsby-plugin-antd and may be impacted: - @amorist/gatsby-theme-antd =1.0.0 - @antv/f2-site =4.0.0-4.0.0-alpha.3.0, =0.1.0, =1.0.0, =1.0.0, =1.1.18-beta.0, =0.0.1,...
EUVD-2025-199341
Malicious code in @alexadark/gatsby-theme-wordpress-blog npm...
EUVD-2025-199342
Malicious code in @alexadark/gatsby-theme-events npm...
MAL-2025-191182 Malicious code in @alexadark/gatsby-theme-events (npm)
Source: amazon-inspector 8516b639c9bdcc54192b6e206090c381522d0f48987715c16f5c68a90ca3b8f4 The package @alexadark/gatsby-theme-events was found to contain malicious code. Source: ghsa-malware...
@amorist/gatsby-theme-antd (=1.0.0), @antv/f2-site (>=4.0.0-4.0.0-alpha.3.0 <=5.0.1-beta.0) +16 more potentially affected by unknown CVE via gatsby-plugin-cname (=1.0.0)
gatsby-plugin-cname NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on gatsby-plugin-cname and may be impacted: - @amorist/gatsby-theme-antd =1.0.0 - @antv/f2-site =4.0.0-4.0.0-alpha.3.0, =0.9.81, =1.0.0, =1.1.18-beta.0, =0.0.1, =0.0.4,...
EUVD-2025-199205
Malicious code in gatsby-plugin-cname npm...
Malicious code in gatsby-plugin-cname (npm)
Source: amazon-inspector 6d533b6b1c548148392393696a1a82fc32d46ae923e8a30cbc2e7a9118b1ed21 The package gatsby-plugin-cname was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191100 Malicious code in gatsby-plugin-cname (npm)
Source: amazon-inspector 6d533b6b1c548148392393696a1a82fc32d46ae923e8a30cbc2e7a9118b1ed21 The package gatsby-plugin-cname was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
@amorist/gatsby-theme-antd (=1.0.0), @antv/f2-site (>=4.0.0-4.0.0-alpha.3.0 <=5.0.1-beta.0) +16 more potentially affected by unknown CVE via gatsby-plugin-cname (=1.0.0)
gatsby-plugin-cname NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on gatsby-plugin-cname and may be impacted: - @amorist/gatsby-theme-antd =1.0.0 - @antv/f2-site =4.0.0-4.0.0-alpha.3.0, =0.9.81, =1.0.0, =1.1.18-beta.0, =0.0.1, =0.0.4,...
EUVD-2025-175809
Malicious code in unuk-gatsby-dysonswarm-izar npm...
EUVD-2025-178761
Malicious code in gatsby-enif-tachyon-prosthetics npm...
EUVD-2025-179552
Malicious code in cosmiconfig-gatsby-janus-slides npm...