51 matches found
MAL-2026-6432 Malicious code in rstreams-metrics (npm)
The rstreams-metrics npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in javascript-yaml (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security d83c3b506a10b770a8c1f98d280262478cccc65708bb1066a72e0708dccaaf75 This malicious package is part the IronWorm campaign. This campaign executes a malicious binary payload during installation via a preinsta...
MAL-2026-5193 Malicious code in javascript-yaml (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security d83c3b506a10b770a8c1f98d280262478cccc65708bb1066a72e0708dccaaf75 This malicious package is part the IronWorm campaign. This campaign executes a malicious binary payload during installation via a preinsta...
Malicious code in weavedb-contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a352d761eba6aa71b41fc09bb621d3f04e8c7c0e74487392a7c69e77719426b9 No concrete indicators of installer-side harm were identified in this version of weavedb-contracts. No lifecycle scripts, network beacons, credential...
MAL-2026-5190 Malicious code in hbsig (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96b3a65aade5ea74ab5761d7ad3a332834594752f34fdb69a095efe59a681c90 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-44971 GuardDog: Blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration
GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...
Malicious code in @antv/g-plugin-canvas-picker (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in @antv/g-lite (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4062 Malicious code in @antv/li-editor (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
MAL-2025-190737 Malicious code in @ensdomains/solsha1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c4a8798162224fba85c25e8c01bb31790ea20f33f47fbe558eb659c197e0a4e The package @ensdomains/solsha1 was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190803 Malicious code in @ensdomains/cypress-metamask (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19427e64315a085f7001dff6a896730aa4cce33cf679f6a2da0a8bc61e96fb58 The package @ensdomains/cypress-metamask was found to contain malicious code. Source: ghsa-malware...
EUVD-2022-3132
Malicious code in bioql PyPI...
EUVD-2024-3255
Malicious code in bioql PyPI...
EUVD-2025-11008
Malicious code in bioql PyPI...
EUVD-2022-4200
Malicious code in bioql PyPI...
EUVD-2023-2288
Malicious code in bioql PyPI...
MAL-2025-47196 Malicious code in ng2-file-upload (npm)
The package ng2-file-upload was found have been identified as potentially malicious due to the inclusion of a minified postinstall script. It is considered suspicious because: The script appears to attempt to steal access tokens for npm, GitHub, AWS, GCP, etc. There is no changelog or new tags in...
Malicious versions of Nx were published
Summary Malicious versions of the nx package, as well as some supporting plugin packages, were published to npm, containing code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts. Immediate Actions Required For all users, check if you were...
CVE-2024-52009
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contains GitHub credentials tokens ghs... when they are rotated. This enables an attacker able to read these logs to impersonate Atlantis application and to perform actions on...