27 matches found
MAL-2026-3998 Malicious code in @antv/gatsby-theme (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +115 more potentially affected by CVE-2025-15599 via dompurify (>=2.5.4 <=2.5.8)
dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...
EUVD-2025-199341
Malicious code in @alexadark/gatsby-theme-wordpress-blog npm...
EUVD-2025-199342
Malicious code in @alexadark/gatsby-theme-events npm...
MAL-2025-191182 Malicious code in @alexadark/gatsby-theme-events (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8516b639c9bdcc54192b6e206090c381522d0f48987715c16f5c68a90ca3b8f4 The package @alexadark/gatsby-theme-events was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
@arcblock/gatsby-theme-docs (>=5.7.0 <=7.34.5), @changeinc/components (>=1.0.4 <=1.0.20) +87 more potentially affected by CVE-2025-3193 via algoliasearch-helper (>=2.13.0 <=2.2.0)
algoliasearch-helper NPM version =2.13.0, =5.7.0, =1.0.4, =1.0.4, =1.0.0, =2.2.1-custom, =0.0.7, =0.1.2, =0.1.4, =0.2.3, =0.2.1, =0.0.1, =2.0.0, =0.0.0, =1.9.0, =1.0.0, =1.4.2 and more Source cves: CVE-2025-3193 Source advisory: OSV:GHSA-529Q-4J3P-7C5R...
Malicious code in gatsby-theme-bulmaio (npm)
The package gatsby-theme-bulmaio was found to contain malicious code...
MAL-2025-21212 Malicious code in gatsby-theme-bulmaio (npm)
The package gatsby-theme-bulmaio was found to contain malicious code...
MAL-2025-4173 Malicious code in gatsby-theme-newrelic (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in gatsby-theme-newrelic (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in gatsby-theme-tinker-tailor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5df1c0054184f09396ef18554ff586b8264bd0fd8bfb34db6eb37fb5bcf37fe4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-594 Malicious code in gatsby-theme-tinker-tailor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5df1c0054184f09396ef18554ff586b8264bd0fd8bfb34db6eb37fb5bcf37fe4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @husky-x/gatsby-theme-husky (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2411 Malicious code in @husky-x/gatsby-theme-husky (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in gatsby-theme-deriv (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 32ede5793754442e2e56bdb177dea81b15771050ced8976b1958a4eff4cd2b9c The OpenSSF Package Analysis project identified 'gatsby-theme-deriv' @ 1.1.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-1153 Malicious code in gatsby-theme-deriv (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 32ede5793754442e2e56bdb177dea81b15771050ced8976b1958a4eff4cd2b9c The OpenSSF Package Analysis project identified 'gatsby-theme-deriv' @ 1.1.0 npm as malicious. It is considered malicious because: - The package...
@magicfinn/gatsby-theme-finn-default (>=1.0.0 <=2.0.40), @panstav/ozen-dashboard-shared (>=0.0.2 <=0.0.7) potentially affected by CVE-2022-35923 via v8n (>=1.2.3 <=1.3.3)
v8n NPM version =1.2.3, =1.0.0, =0.0.2, =0.0.7 Source cves: CVE-2022-35923 Source advisory: OSV:GHSA-XRX9-GJ26-5WX9...
MAL-2022-313 Malicious code in @harrysforge/gatsby-theme-experiment-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e54e93376c3ca31dfee91c73665439b55cb00e252cd60fba6a27453eabfebdc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @harrysforge/gatsby-theme-cart (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9bec2a0c2933475670023407273df67f06a810947c55c2bb58484ff145a09cb8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...