MAL-2025-6258 Malicious code in redux-saga-task-cancel-rce (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis fdf4f44f0e2251feb64569ec5e6632d61028a3700988bf3e904d2b70ae3955f4 The OpenSSF Package Analysis project identified...

MAL-2025-6232 Malicious code in plugin-basic-ssl (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60c91f97ac10fa598313b2e03c827655a79a9eb89adf780dbd0df721f49780a8 Any computer that has this package installed or running should be considered...

MAL-2025-6008 Malicious code in os-apps-ui-curvelibrary1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d69bf54e33d46b564e56a260b65d3c9b8d3a7202dfec0feb06e2930c0bc53dce The OpenSSF Package Analysis project identified 'os-apps-ui-curvelibrary1' @ 12.9.9 npm as malicious. It is considered malicious because: - The...

MAL-2025-5838 Malicious code in @0xzyo111/frontend-logger (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ea6fe9c933bc0a4ac656882af6f4662783f92087518dbbb253c351f60d44b63 Any computer that has this package installed or running should be considered...

MAL-2025-5295 Malicious code in walletsendmoney-paypal (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 77ab40d8bb0c8f25b6a75b9fb6c84c5faaef81ebd1a833649ca79fad2841deb9 Any computer that has this package installed or running should be considered...

MAL-2025-3865 Malicious code in mfe-react-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f7835d0f6b232544302030371ac74d4c595860a04736a2ef54259a32993f9c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3576 Malicious code in adobe-io-events (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96f150232693e090d60954bb70dd3a03535edeceb5d77cc30a30914454396963 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3566 Malicious code in lezer-snowsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79d686dc87e1e046c8091bd313f15cba6ccc513fa0effa19a8798c4d23e066c5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2801 Malicious code in nextmvc3primary (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9d8a367c5538d9d76897813994ee49411b97862b8fa79250cb918d36c78f5a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2793 Malicious code in castorama.pl (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 730bed67861cb1d30e187eb40b957257e8395b86e8a9e255005ba3b808369878 The OpenSSF Package Analysis project identified 'castorama.pl' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2025-2292 Malicious code in hybrid-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eac5872f7c58c6dc0aa16876689ec20891753358c36a7a1c35c223e3d3f9cf38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2229 Malicious code in limit-order-validation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7ad6cba9faf323fb0ffae19f703ba40944f39673b2e8803037d19ff0990671f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2209 Malicious code in poc-by-shahwar (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6381347b8b3c6e2f8f2d7aa1b39647e7f7444e10122cd821b80ae6b3d05c5a7e The OpenSSF Package Analysis project identified 'poc-by-shahwar' @ 0.1.0 rubygems as malicious. It is considered malicious because: - The packag...

MAL-2025-2210 Malicious code in poc-genrateed-by-noob (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2adff977f2503f0afe5fb20e3154fa4f8c9a3d0fa5dc7a96613fb5b9434673b4 The OpenSSF Package Analysis project identified 'poc-genrateed-by-noob' @ 0.1.0 rubygems as malicious. It is considered malicious because: - The...

MAL-2025-2066 Malicious code in aem-maven-archetype (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ccc92d5c4e3257cf07baae14d4ebf9e7b16276a8433cfff70bc323d41aad2f4a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1522 Malicious code in @maheshtestorg/maheshtestpackage (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eacc15d981c527f9ae0a2007c6a379418fa4fd05d4fe903b0216e19aaed08634 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1505 Malicious code in storyblok-rich-text-astro-renderer-workspace (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ca413e5e4f59154a8de4096af868e37c16b2b9df85e5e20a341283c83e7b1db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1209 Malicious code in calendar-card-component (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95a4969cc148bc29146d190547f35d8feedf6f215b80c642dc30147343561f09 Any computer that has this package installed or running should be considered...

MAL-2025-590 Malicious code in sandstorm-widgets-nyse-website (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 521032aa86f84d6ee0bb3ad2b7b97e43683ed2040212f5b7cb5359f10549fea6 The OpenSSF Package Analysis project identified 'sandstorm-widgets-nyse-website' @ 7.0.1 npm as malicious. It is considered malicious because: -...

MAL-2025-348 Malicious code in dell.github.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 615b5542a30acb872c70cdfcd28099420c22dd3edecf21285afee3a811f3e967 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...