421 matches found
MAL-2026-3998 Malicious code in @antv/gatsby-theme (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +115 more potentially affected by CVE-2025-15599 via dompurify (>=2.5.4 <=2.5.8)
dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...
Malicious code in gatsby-plugin-antd (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1db5c29950300909f2a9571826a482e10a6ce45dae9529f28ad87ddc2b98119b The package gatsby-plugin-antd was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191396 Malicious code in gatsby-plugin-antd (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1db5c29950300909f2a9571826a482e10a6ce45dae9529f28ad87ddc2b98119b The package gatsby-plugin-antd was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199366
Malicious code in gatsby-plugin-antd npm...
EUVD-2025-199341
Malicious code in @alexadark/gatsby-theme-wordpress-blog npm...
EUVD-2025-199342
Malicious code in @alexadark/gatsby-theme-events npm...
MAL-2025-191182 Malicious code in @alexadark/gatsby-theme-events (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8516b639c9bdcc54192b6e206090c381522d0f48987715c16f5c68a90ca3b8f4 The package @alexadark/gatsby-theme-events was found to contain malicious code. Source: ghsa-malware...
Malicious code in gatsby-plugin-cname (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d533b6b1c548148392393696a1a82fc32d46ae923e8a30cbc2e7a9118b1ed21 The package gatsby-plugin-cname was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199205
Malicious code in gatsby-plugin-cname npm...
MAL-2025-191100 Malicious code in gatsby-plugin-cname (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d533b6b1c548148392393696a1a82fc32d46ae923e8a30cbc2e7a9118b1ed21 The package gatsby-plugin-cname was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
@amorist/gatsby-theme-antd (=1.0.0), @antv/f2-site (>=4.0.0-4.0.0-alpha.3.0 <=5.0.1-beta.0) +16 more potentially affected by unknown CVE via gatsby-plugin-cname (=1.0.0)
gatsby-plugin-cname NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on gatsby-plugin-cname and may be impacted: - @amorist/gatsby-theme-antd =1.0.0 - @antv/f2-site =4.0.0-4.0.0-alpha.3.0, =0.9.81, =1.0.0, =1.1.18-beta.0, =0.0.1, =0.0.4,...
EUVD-2025-175809
Malicious code in unuk-gatsby-dysonswarm-izar npm...
EUVD-2025-179552
Malicious code in cosmiconfig-gatsby-janus-slides npm...
Malicious code in vulcan-delphinus-protoplanetarydisk-gatsby (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b24d971495291e83f1b4c4e45bbbcca2ecbe2a09313935b9aa7b391db4d8be1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177709
Malicious code in nashira-winston-aurora-gatsby npm...
EUVD-2025-178761
Malicious code in gatsby-enif-tachyon-prosthetics npm...
EUVD-2025-178763
Malicious code in gatsby-await-palynology-version npm...