123 matches found
Malicious code in @mastra/datadog (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 419bbaa0a59a504f999013baee0011006c5cc6326045c0424705d91d3ac10c75 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2c2d05f943ea7c6d8e1ae3bcfb7acc5497d114f89e6199f50e0ea3119256be2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @redhat-cloud-services/rbac-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in the_secret_of_running_by_hans_van_dijk_ron_van_megen_02jsk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11aa0239d26b0aae85ed4e3f9bc78838fbdfd47beb4bc9ab701687cb7081513e The package thesecretofrunningbyhansvandijkronvanmegen02jsk was found to contain malicious code. Source: ghsa-malware...
Malicious code in @uipath/aops-policy-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3ffa653b190d1fd6f355664623366bda5832396e46eb577a6da7e729d642ca5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3494 Malicious code in @tanstack/virtual-file-routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c95e413c2e182a7d35b0ec3ba9f2a979d63c77c1a7f20a6204059f7b66b433bc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-2065 Malicious code in @opengov/ppf-eslint-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9589ba5a93df27f74e2153118cf450e51df3df58d8c7abd8e4043cf28c0d8bf The package @opengov/ppf-eslint-config was found to contain malicious code. Source: ghsa-malware...
Malicious code in vue-scoped-css (npm)
The package 'vue-scoped-css' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...
Malicious code in json-merge-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f16e8d9c37feb30d5a44f7a94620c3a09d182a34cd5ccc1e7c97aaf4a991ab10 The package json-merge-tool was found to contain malicious code. Source: ghsa-malware 4bb041118bdac1123bd722a9b1f99ddb6ca406f7ce80d5de344b2c36614b89e...
Malicious code in @shenira/baileysx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a56827739abd116eca80e92a5a3d25815c78653c0c4513433fd5c4335cb9cca The package @shenira/baileysx was found to contain malicious code. Source: ghsa-malware...
Malicious code in opencraw (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aaed661cc51e76234fc6cba7587b973903e00bbacd33da7114aeb726d957b577 The package opencraw was found to contain malicious code. Source: ghsa-malware 5bc39adf3939792f918a50cbc9a9952a11d950e361d83d5631449f20ad634945 Any...
Malicious code in cyrpto (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88df3de403df4549d6cae9b1d508f683da4ed91d472a6020a40a3dbd6d5930fc The package cyrpto was found to contain malicious code. Source: ghsa-malware 1e003c50bdddfa1368c5ed0e356acfab8b21a0d410f1d181471b88221a590cd9 Any...
MAL-2025-192979 Malicious code in @ptest2535/artifactory-demo-ptest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 179d121743e4ae61b32780c6a0ea72f57b23796b21513e57f998da725dd49318 The package @ptest2535/artifactory-demo-ptest was found to contain malicious code. Source: ghsa-malware...
Malicious code in wifi-killer-xnet (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc233a0f06c7d7ecc69b5b2166295c9e8b63c8c05198355f8f80295907125e17 The package wifi-killer-xnet was found to contain malicious code. Source: ghsa-malware 98f1d50e89f69d69cfae05f464ddc4db1ea8e83fb48168cad1f75c87d4705a...
Malicious code in tnactgfds (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc53eec6bc0141b35cd02a25f78b5c7862e6b8ed845eb0b47da084b5d3582396 The package tnactgfds was found to contain malicious code. Source: ghsa-malware 40a7fc6d425dcaf14cd401ae7c14ef495455f779891345d9844a6465c7d4f795 Any...
Malicious code in @pradhumngautam/common-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8984d278847eccce8a7e440093a12e26681f10e6534f163544592f20e7539c81 The package @pradhumngautam/common-app was found to contain malicious code. Source: ghsa-malware...
Malicious code in fittxt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c57d0df6ffd72d43e267f4cb6f900055e9c3497d3b812a200bcaccf0356d762b The package fittxt was found to contain malicious code. Source: ghsa-malware 1dadb9e87da9f569b318ce6dd9a3a17eba4970fc2ac296d5ddd6f8515a5b3609 Any...
Malicious code in @zapier/browserslist-config-zapier (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5146756159d44339572781661307fc36bb08adb636158ee54628f774506ae47 The package @zapier/browserslist-config-zapier was found to contain malicious code. Source: ghsa-malware...
MAL-2025-49024 Malicious code in named-asset-import (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 41aa2c9de0b9bf1fc5a9cbee9d0442255a36d349e4645660908d01b2ac8db820 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @chatgptclaude_club/claude-code (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a4754ec4fdda490eb8df83dba70a4eca2d697b1db00133e748d26661ebc17a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...