49 matches found
MAL-2025-190949 Malicious code in colors-regex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84ccf2bd5bd452f49978832d66685075c10f116c9cc007d7d8c31a2e001b3efe The package colors-regex was found to contain malicious code. Source: ghsa-malware 79632b803684fda175b5701ef644e5ef4e7791334d60bf8e8635cdb0f0d01164 A...
MAL-2025-190874 Malicious code in @posthog/currency-normalization-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9c408cabd7de49cf79956eda3f74bde72c000069ac4d356f6a410f02cfa155f The package @posthog/currency-normalization-plugin was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190905 Malicious code in @postman/pm-bin-macos-x64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7af6b141ac3ae548c7fadfe1523b270a35c69e8f5c20035f682e9ee726f1bdec The package @postman/pm-bin-macos-x64 was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190913 Malicious code in @postman/wdio-junit-reporter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ac6f5998a89d257823fdf6368153d30126e695eb96b8ba6a5cd500fe661b8f8 The package @postman/wdio-junit-reporter was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190909 Malicious code in @postman/postman-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7c276129c0d99cb4f8aa63e9f3911b1f38145837396ac3b00ba48533a6050b8 The package @postman/postman-mcp-server was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190900 Malicious code in @posthog/wizard (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ed05e891884ed2cf2d6f1790352cd3d07f97a03c6fb152561eb2e8b9d938c2 The package @posthog/wizard was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190841 Malicious code in evm-checkcode-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67c49d35b6096e7c647d830c11a75a90f1bd3b90677f1c72d1bdefcd87b134e8 The package evm-checkcode-cli was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190806 Malicious code in @ensdomains/mock (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa69028234e7d9845b0190a845d7ed004315332e53db9625716d3e8c34f9d555 The package @ensdomains/mock was found to contain malicious code. Source: ghsa-malware e5e3d7ebf0c01ec0fcf11c5473aa2d0ae19924590bc4f27ac7e988945272d5...
MAL-2025-190788 Malicious code in zapier-async-storage (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03106802713a8738ac15728a0fdb19774a74ac3ae3aa76b501b8d4b08e8a7e5e The package zapier-async-storage was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190744 Malicious code in @kvytech/medusa-plugin-announcement (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fda18824e7544b009117ab962028a53a03245d741b85fa30789a9cda67f5b1b The package @kvytech/medusa-plugin-announcement was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190702 Malicious code in trigo-react-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b342d6dbb3287df2002c455ce23553f3aa118b46e447741fa840397425741076 The package trigo-react-app was found to contain malicious code. Source: ghsa-malware 11f63c9b322a04a69d7c2c875302dfe971081157a6ea2c3360e65c5e4f9f5a9...
MAL-2025-190638 Malicious code in @asyncapi/modelina (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6021816ea47fd6743ed24c196df8db60f0649e0d5b185ceb9b418ba457b21e3 The package @asyncapi/modelina was found to contain malicious code. Source: ghsa-malware...
Malicious code in create-hest-app (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4f8a7c74b24a78d61a35d81d643117f524f843b425f34d281012f7ab8632868 Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47244 Malicious code in @hestjs/scalar (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d36a72c3f3f21fe3a00bb733bb8c5470311fe9906143d0e0d76b110a75451085 Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in @nexe/config-manager (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22a78a7d10a59f7a2928448f3166f83de5443650d498bd687751f36688e87c5d Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47361 Malicious code in wdio-web-reporter (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab54ef5f776b95eb6610135fb736bcc77ce0ed9cc7ec79b805afe3498110fb84 Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47371 Malicious code in @art-ws/common (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a490c632daaee5b64f871466f63aae92473f9d088ce9c7d1c40cf9a7de5de0d3 Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47387 Malicious code in @nativescript-community/ui-document-picker (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 46d11dbb6f2ddb5b46be5e63a827af98e3f887baac9c3df11be485d8326089b2 This package was compromised by the Shai-Hulud NPM worm. The malicious payload steal...
MAL-2025-47416 Malicious code in voip-callkit (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a734b4465eca2576dd3250f97ed37e8537b32d73d0b45adc3bca41bdd52c633c Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47369 Malicious code in @ahmedhfarag/ngx-perfect-scrollbar (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e9a4bed6d1357c605ccddf7572e17ab6b17c849c549615c0f10ec22921afc0a Any computer that has this package installed or running should be considered fully compromised. All...