13 matches found
Malicious code in @limebike/frontend-core-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e6a8b7768f00cc5d468fe7a21f8792da1970b60e5ccbad17eefeda1a8d5b3d Package squats the @limebike npm scope and ships a preinstall/postinstall hook node index.js that, on npm install, collects hostname, non-internal...
Malicious code in fancode-web-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e56c163153700b6fef7090e078a98b7c2403088e5c5f487344dc419af8adaa7 The package fancode-web-app was found to contain malicious code. Source: ghsa-malware a933e6c673f3cf2c4cb0e768570b64dcf627ac59e6b29c2e9afd5a5fb3d4396...
MAL-2026-2057 Malicious code in @emilgroup/payment-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83fcb6922c65850eff14baf7a463c2b14b358ffebdc5a15c312ec7328a142407 The package @emilgroup/payment-sdk-node was found to contain malicious code. Source: ghsa-malware...
MAL-2026-791 Malicious code in @hashicorp-internal/vault-reporting (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85e2c508de22734977cac24ec430b5cfece85e6367f577df76caa740b5594eb7 The package @hashicorp-internal/vault-reporting was found to contain malicious code. Source: ghsa-malware...
Malicious code in internallib_v838 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9a033080221d18397e6453d359fc3e59ebab68f195bd8faa9def63ff1426ca8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in zero-timeout-message (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88a6e8ed6991cf808053c17befcdab9455effa8b8510ef06d38f819ef7958071 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in label-merge-conflicts-action (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0f4e7055373f34da86b2f4a870acff07073a74806372655dd69ac315c6c598d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in a-lbum-do-wnload-avai-lable-file-2016-44588-my-wild-west-fzmj0-gpjzue (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 23d227e690fcb2c6fa40eb050274026415cc858c76009d5e255816dae180ffec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/voluptatibus-officiis (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9322e1e7487e386e240863f00bd8d99715e77d1ca16faaf17806c7560befc028 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @bybit-fe/bitd (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5077b0e3b0405cb1364268fcb890393fb22d8c31261cdd25f310d0e6e82c5a51 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @greetznl/breekz (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 254ec22dbc2511033a40d445bf8fa5e3e6ed6a5555c1dbb5ba9293c3a8eed3e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in zomato-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60445d8fccd3c824c3ba2594e839f7c6a8a2c1c798879fe0509ab73b7c58481d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in brlc-token (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d7212ac759445a19263a1bc31ab713414359f0ce212665d53b2b150651a7b34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...