14 matches found
Malicious code in weavedb-console (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cb1233d729c7aefcbe9024196bb4af52f78854aa5ed7f46afb4fa9cd59918c1 package.json declares "preinstall": "./src/compiler/native", which auto-executes a 976 KB stripped Linux ELF binary on every npm install. The binary ...
Malicious code in weavedb-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59e557cd0501bb17925a19c5d3525fdf18f286b21750a44c0164eb7e165f55d9 package.json declares "preinstall": "./dist/runtime.node", causing npm to execute a 976 KB packed binary on every install. The file uses the .node...
Malicious code in fastapi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a753fd569a7bb908b7cdf82fe0228dc0e24dcc253b67993af5dd5c30b61f4411 This release of fastapi 0.136.3 modifies pyproject.toml and PKG-INFO to add an undocumented dependency 'fastar=0.9.0' to the...
MAL-2026-4385 Malicious code in @druids/ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 071ce35c0d6a17c606e5448f4c485228df973342935b0a11519304050877edf5 The package's package.json declares a dependency ltidisafe resolved not from the npm registry but as a direct tarball URL:...
Malicious code in @druids/ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 071ce35c0d6a17c606e5448f4c485228df973342935b0a11519304050877edf5 The package's package.json declares a dependency ltidisafe resolved not from the npm registry but as a direct tarball URL:...
MAL-2026-4662 Malicious code in rendezvous-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b4a03eaa6b09e5b9e291dd450f58e49a639c3efd8fa952f5ac48f9aea04aba4 On npm install scripts.install runs node index.js and on require'rendezvous-js', lib/core.js collects os.userInfo.username, os.hostname, and the...
Malicious code in 3pool-sushibar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5112bb2ea3570e56be6525c48ef026624f46dead693e78333696273c911c6c42 This package is a dependency-chain dropper. package.json declares 15 undocumented dependencies in three numbered families web3chain02032, rusttool070...
GHSA-G7CV-RXG3-HMPX Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
Summary On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow...
Malicious Package
Overview typescript-vue-apollo-smart-ops is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious...
Malicious Package
Overview transform-member-expression-literals is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it...
Malicious Package
Overview yoshi-base is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The package...
Malicious Package
Overview typescript-rtk-query is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...
EUVD-2020-8088
Malware in sbrugna...
PYSEC-2020-192
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorizedkeys file. This occurs in downloadhttpurl in internal/download.py...