1875 matches found
Malicious Package
Overview @toloka-tb/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @saferpay/logging is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in pdfjs-dist-v5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5827ccd19d073818da31059d76a725b171d1fc793a4f2591ed0118a35b46c35 The package pdfjs-dist-v5 was found to contain malicious code. Source: ossf-package-analysis...
Malicious Package
Overview fps-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview yuji-baileys is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview bee-quarl is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview @skyzopedia/baileys is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in undicy-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e5df89180b140f5106db0b74f5ee04330236214094173880f7baf0fd47088a8 The package undicy-lint was found to contain malicious code. Source: ghsa-malware 2713794393ff885438b3aa1cc6dc97cff34cd42825c28e917bf8ec24ee704ff7 An...
MAL-2026-988 Malicious code in vl-ui-action-group (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 681eef2c6f7a9061c23f448a351fbf64b8d5302e6343f486e534c4a440b1e793 The package vl-ui-action-group was found to contain malicious code. Source: ossf-package-analysis...
Malicious Package
Overview iru-caches is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview systemtest-network is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2026-21318 After Effects | Out-of-bounds Write (CWE-787)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
A one-prompt attack that breaks LLM safety alignment
Large language models LLMs and diffusion models now power a wide range of applications, from document assistance to text-to-image generation, and users increasingly expect these systems to be safety-aligned by default. Yet safety alignment is only as robust as its weakest failure mode. Despite...
Malicious Package
Overview web3-sinon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview syf-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview syf-typings is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
MAL-2026-761 Malicious code in digital-checkout (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3254d2b582a5e3da6587b8994dab665d74a70e88b0383d6dd0d5f96d82e7a33 The package digital-checkout was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in deuro-landing-page (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b21bff5e6829c4c257d34d4ad60dd2d5d85f4f6fc67fdffaf74c86bb600ff7cb The package deuro-landing-page was found to contain malicious code. Source: ossf-package-analysis...
Malicious Package
Overview js-unpack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview fileupload-util is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...