48 matches found
Malicious code in axis-charts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2948113b9e8ba2a0eaf9f07de49e63efdcdb91450acb69c6e5c9da9e2f982eb The package axis-charts was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in cktool.core.internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95da3751f8d8f63d46e480fc465291ffa814ac0294663c1d3d62d6b4b40df73c The package cktool.core.internal was found to contain malicious code. Source: ghsa-malware...
MAL-2025-49310 Malicious code in faker-python (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2d88bf5533b182da36c514791c3e6841d83565d4d7f7065a09cdebddc2509453 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in test771 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39742384f3c2564e0528b3d94dc6b6cd66170e96d6a2818289c862bef030f39b The package test771 was found to contain malicious code. Source: ossf-package-analysis fbdb37fb2238599fb921d6fd14a8d65fdc19f6196377b91e304da671021e41...
Who's the Evil Twin? Differential Auditing for Undesired Behavior
Detecting hidden behaviors in neural networks poses a significant challenge due to minimal prior knowledge and potential adversarial obfuscation. We explore this problem by framing detection as an adversarial game between two teams: the red team trains two similar models, one trained solely on...
MAL-2025-6389 Malicious code in component-detection (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f3a39749aff9077de404b02560689e90881fa26e3c3b9880016fb91af8700683 The OpenSSF Package Analysis project identified 'component-detection'...
MAL-2025-6255 Malicious code in redux-probe-unknown-action-rce (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d273d8be87dc1aaa71222024d9f545d4ec9bde08234f27b0c9c81f6dd8c86721 The OpenSSF Package Analysis project identified...
MAL-2025-6227 Malicious code in react-is-builtin (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ec8b0c72c247f12884f7dd1d983f39af01544eaefed640dec15bd838e4b3473d The OpenSSF Package Analysis project identified 'react-is-builtin' @...
MAL-2025-5992 Malicious code in ngx-satoris (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 673e3bc6e9e3b3d52385697990c722fc2d418dcb3169950ac1063ae5b0371c1f Any computer that has this package installed or running should be considered...
MAL-2025-5849 Malicious code in ringcentral-google-drive-notification-add-in (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis afbe2fb4071ec030a6a51319f5f0b9d45664bf8caba681cfac58bb60bd001cf0 The OpenSSF Package Analysis project identified 'ringcentral-google-drive-notification-add-in' @ 2.2.2 npm as malicious. It is considered...
MAL-2025-5832 Malicious code in @pwa-ib/eslint-plugin-compat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4d551b7911958e1076f15bbee358feaed7da5b9aea78210268e6e68261822c7a The OpenSSF Package Analysis project identified '@pwa-ib/eslint-plugin-compat' @ 1.99.99 npm as malicious. It is considered malicious because: -...
MAL-2025-5330 Malicious code in titan-exchange-shared (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bcbcec353cd72f56bcc238f2996606b61523a85e851d694e96012a54c027f606 Any computer that has this package installed or running should be considered...
MAL-2025-5274 Malicious code in testetedep (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20ba1fe5405430542f5bc80c76eed797af680bbe6ccc3df0ddefbb7a8ebaeab4 Any computer that has this package installed or running should be considered...
MAL-2025-5009 Malicious code in o11y-ds-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4fca3e674d984eeb8be380f95b3033584360c55efdc438f8f43c521b0d7239f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4999 Malicious code in eslint-plugin-panel-ops (npm)
Malware: Executes code on install, exfiltrates data via DNS to a suspicious domain. Contains a preinstall script and phone-home behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc1ea7508e63005e73356cfdb457f0050ebb7ae1f04cb319592c30a140c4e2f2 Any computer th...
MAL-2025-4423 Malicious code in tml-sso (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 847dbce1211be416799a06c22cc32901e282fd07fbb9d9b118b8763d7aa24b09 The OpenSSF Package Analysis project identified 'tml-sso' @ 10000.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-4046 Malicious code in trusted-firmware-a (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3a6dc31ad91aec1f31822d8aced35d9645371c5e0194f3a4b7627a6753955769 The OpenSSF Package Analysis project identified 'trusted-firmware-a' @ 100.11.1337 npm as malicious. It is considered malicious because: - The...
MAL-2025-3957 Malicious code in vscode-oja (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 222332856f685e334465b24346da36177ea57028e903aaf5c7b6fc845f1e601a The OpenSSF Package Analysis project identified 'vscode-oja' @ 100.0.2 npm as malicious. It is considered malicious because: - The package...
MAL-2025-3949 Malicious code in evo-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1963187cd4dc65fd86ae4bdae898bd2fea39e8e6a8464b3b00e2a83f5dcbb95b The OpenSSF Package Analysis project identified 'evo-web' @ 100.0.2 npm as malicious. It is considered malicious because: - The package executes...
MAL-2025-3938 Malicious code in pootle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 02e85bef7e8a01d18636b40c7543cadd257472b0b984989ba4ca747f6c4c6f5a The OpenSSF Package Analysis project identified 'pootle' @ 9.9.10 npm as malicious. It is considered malicious because: - The package communicat...