EUVD-2025-36868

Malicious code in jest-hoist npm...

MAL-2025-49013 Malicious code in jest-hoist (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20b09510a5986b0d378b1a5d9f7c081cd5d2bb67ad05f55090240bb0e976729e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview jest-hoist is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious code in jest-hoist (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20b09510a5986b0d378b1a5d9f7c081cd5d2bb67ad05f55090240bb0e976729e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in helper-hoist-variables (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6d8c7136be25a9c380c74ba6c7a58d2114704c0b102b6362802aa21f7c7ee39f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3254 Malicious code in helper-hoist-variables (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6d8c7136be25a9c380c74ba6c7a58d2114704c0b102b6362802aa21f7c7ee39f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in hoist-non-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 424865e2aee8385bd2b6cf103c939dc9a1d3d8784efeb6d8f197d71de928340b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2387 Malicious code in hoist-non-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 424865e2aee8385bd2b6cf103c939dc9a1d3d8784efeb6d8f197d71de928340b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview workspace-hoist-all is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...

Malicious code in workspace-hoist-all (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e591793f57ce0827e5e1fe1fa294727de96ea3ef4263ed9171550a534d6be47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Microsoft Edge Chakra JIT Type Confusion Bug

Microsoft Edge: Chakra: JIT: Type confusion bug CVE-2018-8467 The switch statement only handles Js::TypeIdsArray but not Js::TypeIdsNativeIntArray and Js::TypeIdsNativeFloatArray. So for example, a native float array can be considered as of type ObjectType::Object under certain circumstances wher...