27 matches found
MAL-2026-1484 Malicious code in internal-lib-vulnerable (npm)
Malicious package due to data exfiltration, arbitrary code execution during installation via preinstall script, and suspicious hostname. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b46f6c2b8b094dc4a9864676457c3ea2af565204d854ab4cf1eb27be87aaa878 The package...
EUVD-2026-3746
Malicious code in internallibv962 npm...
EUVD-2025-200193
Malicious code in internallibv881 npm...
EUVD-2025-36412
Malicious code in internallibv799 npm...
EUVD-2025-33954
Malicious code in internallibv125 npm...
MAL-2025-47467 Malicious code in internallib_v52 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f4d4bce17702fd04e9d38d97007a2bc8b4028c77159bcd19e1565f71d7f4ada4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3689 Malicious code in internal-lib-t1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0656cbf9afeeae51e03fe153910e1dad3a3840f219effb0583665acdfefb34ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3625 Malicious code in internallib_v803 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0d6d38a29b98b95b7e5d60a3c961be6d62342f6ab74f8069f6a6d03b290a0396 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in internallib_v488 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f37f04bf2b99a1dd9d1b1233d8d2f7146da088e20564fc4bb543560acebb10db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in internallib_v590 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec78d3b6f3c622365e71936c4fd09e3057a62055d7b0474ce38ea3b6560b36e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in internallib_v268 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0751f153f42313bbb9eca09f12c8ef03953b365e3670c380b17c909d1f9d8c34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-38JR-29FH-W9VM ansys-geometry-core OS Command Injection vulnerability
subprocess call with shell=True identified, security issue. Code On file src/ansys/geometry/core/connection/productinstance.py: 403 def startprogramargs: Liststr, localenv: Dictstr, str - subprocess.Popen: 404 """ 405 Start the program where the path is the first item of the args array argument...
Malicious Package
Overview internal-lib-build is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious code in internallib_v180 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec361e941f5797b71bd3cb382920156e9ea26a2471f770195f5d7bd6295029c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in internallib_v199 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b392ff5b77259a428780d2bb24529596a239226553a8ece97f4c9158fcf2fdcd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in internallib_v158 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1da8492ed391d5df3930743a5cd60a93248793b38d63f1fbdaed6f41c9846505 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in internallib_v184 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f973437237f984373986f17f6783b8b0c9c0bb4c4967310a24517ac6601a3a4d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in internallib_v607 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 931eca513bda2e5ce823f67c77a9e9ae645bf8bdfaad07b6e6afb054cca22438 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in internallib_v1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 30dadb1aea04e5c4002ddce915ce411d6fbfc9c1cbea44f72043115a58b00577 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in internallib_v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e20f2dbd6f9f998c845fcea1c346d6b4126be9f906c2aeaaebe8e074e374193 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...