37 matches found
MAL-2025-6804 Malicious code in sendbird-visual-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c99c539ebeed9289f0f603fbfe2d80bc9fe35f624bbd036ad397617db3be8de2 The OpenSSF Package Analysis project identified 'sendbird-visual-test' @ 11001.0.1 npm as malicious. It is considered malicious because: - The...
MAL-2025-6800 Malicious code in sendbird-docs-validation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6b8e9f1e70bd8605ecac970f5651ab351d6560a0001119746388c77f590ba4d4 The OpenSSF Package Analysis project identified 'sendbird-docs-validation' @ 1005.0.1 npm as malicious. It is considered malicious because: - Th...
MAL-2025-6678 Malicious code in ledger-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 213b191babc7191e43f7c5440581518cecd61302d3870b5fbbe6f20266b8e9cf The OpenSSF Package Analysis project identified 'ledger-provider' @ 1337.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6259 Malicious code in fuzzponent (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c090409f91fd478642c58e1c30b8fc667878e0128355fb88448e4ebed4d8aa9 Any computer that has this package installed or running should be considered...
MAL-2025-6239 Malicious code in scheduler-builtin (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9238549a48f542b04214bdd11a30353e38a60a8838caafb36557ef1225cf6fd8 Any computer that has this package installed or running should be considered...
MAL-2025-5992 Malicious code in ngx-satoris (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 673e3bc6e9e3b3d52385697990c722fc2d418dcb3169950ac1063ae5b0371c1f Any computer that has this package installed or running should be considered...
MAL-2025-5845 Malicious code in workspace-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6337f633e71ac4bbdd2541a6ff172f67246451a691838940e3578c7c7ba4ee18 The OpenSSF Package Analysis project identified 'workspace-loader' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-5298 Malicious code in prototype-poisoning-package (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb7e50b04c4ffcf207fdb21b54873ca1488fe7dd526b90c1206bc830af9b111b Any computer that has this package installed or running should be considered...
MAL-2025-5294 Malicious code in validate-rb (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7975ebc737a4c604d0d25ee00a187fde74d2442953ec305c57c738ebd4cdedcd The OpenSSF Package Analysis project identified 'validate-rb' @ 1.0.0...
MAL-2025-5272 Malicious code in netbsd-x64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e073f169f275d0d59453b46c67c75274841817b47079b22d5dff4fb7aba1d7c6 The OpenSSF Package Analysis project identified 'netbsd-x64' @ 0.24.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-5002 Malicious code in studiospanelopsweb (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 39109af2544b22484679e1ee9e8dccfc530166cbf409082b00c9ac4973669e46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4981 Malicious code in vscode-spring-initializr (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eade5f13d9d6cf7678dfdf2bac67cfc29db071d6d1682cc6b3aadeac7561e30f Any computer that has this package installed or running should be considered...
MAL-2025-4724 Malicious code in next-pwa-template (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 598361c7d39c208feedabd0f7d7e0b666d50ad75fa8f2c7db2a64654e3c6a194 Any computer that has this package installed or running should be considered...
MAL-2025-4424 Malicious code in @cat-ecom/pcc-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 96cbe81d68d4bf1046012598de37b5dcef6f28b3ce01653ab29b3405b359d30e The OpenSSF Package Analysis project identified '@cat-ecom/pcc-components' @ 99.99.99 npm as malicious. It is considered malicious because: - Th...
MAL-2025-3277 Malicious code in studocu-extension-pack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b65c603a493cae2050aa25da30a9442d60b84baa80985df69af20af3e08fc9f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2802 Malicious code in web-commerce-hook (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3db0dcb1f890e4ce0fdf79bcdd216d419d1bdcefb1cac333858a78b0d7efa3ca The OpenSSF Package Analysis project identified 'web-commerce-hook' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-2344 Malicious code in mocha-dast-reporter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09f8297f30739d5810d9dfb46db787d2d403256217f71cbd9b85c5e8671ff8f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2340 Malicious code in notification-center-admin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c3608296b1021343f3245e75793f59483ee9c78f0aa41ca662756286d02d348a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2068 Malicious code in unms-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9afdcd693808bda70843549fdd063575a29fdfeb78fd1baabc86e74b3cfb868d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2062 Malicious code in learning-kotlin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5560da3fe5e63bf7da20ae1cd458fd7999e279367f07227ce8a6019ca497dc87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...