Malicious code in api-rs-node (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

MAL-2026-4348 Malicious code in api-rs-node (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

MAL-2026-4350 Malicious code in clobprice.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

Malicious code in clob.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

MAL-2026-4349 Malicious code in clob.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

Brave Desktop 1.90.121 Security Fixes

Changed IPFS gateway usage from "ipfs.io" to "inbrowser.link" for IPFS domain resolution. - Fixed broken address bar layout for narrow window widths. - Updated body-sniffing to respect "Content-Disposition: attachment" in de-AMP as reported on HackerOne by newfunction. Upgraded Chromium to...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: flannel, slsa-verifier, vexctl, postgres-operator, kargo, dataplaneapi, kine, falco-no-driver, terraform-provider-azapi, aws-flb-kinesis, polaris, bazelisk, aws-sigv4-proxy, kots, nri-nginx, knative-eventing, prometheus, kubernetes-dashboard-metrics-scraper,...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: flannel, slsa-verifier, vexctl, postgres-operator, kargo, dataplaneapi, kine, falco-no-driver, terraform-provider-azapi, aws-flb-kinesis, polaris, bazelisk, aws-sigv4-proxy, kots, nri-nginx, knative-eventing, prometheus, kubernetes-dashboard-metrics-scraper,...

GHSA-JRG3-GFJW-HM96 vulnerabilities

Vulnerabilities for packages: flannel, slsa-verifier, vexctl, postgres-operator, kargo, dataplaneapi, kine, falco-no-driver, terraform-provider-azapi, aws-flb-kinesis, polaris, bazelisk, aws-sigv4-proxy, kots, nri-nginx, knative-eventing, prometheus, kubernetes-dashboard-metrics-scraper,...

CVE-2026-32288 vulnerabilities

Vulnerabilities for packages: docker-compose-fips, omni-fips, gitlab-operator, harbor-fips, mailpit, tkn-fips, gitlab-workhorse-ce, prometheus-operator, gitlab-rails-ce-fips, mattermost-fips, vendir, knative-serving, k8ssandra-client, cert-manager, chezmoi, envconsul-fips, gitlab-kas, scorecard,...

GHSA-X4JJ-H2V8-HQQV vulnerabilities

Vulnerabilities for packages: docker-compose-fips, omni-fips, gitlab-operator, harbor-fips, mailpit, tkn-fips, gitlab-workhorse-ce, prometheus-operator, gitlab-rails-ce-fips, mattermost-fips, vendir, knative-serving, k8ssandra-client, cert-manager, chezmoi, envconsul-fips, gitlab-kas, scorecard,...

GHSA-5W89-2C2X-6X66 vulnerabilities

Vulnerabilities for packages: age-fips, cluster-api-ipam-provider-in-cluster, jobset-fips, crossplane-provider-aws-cognitoidp-fips, cluster-api-provider-vsphere, json-exporter-fips, docker-compose-fips, kubernetes-csi-external-resizer-fips, kube-logging-operator-custom-runner, gitlab-workhorse-ce...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: emissary, cluster-api-ipam-provider-in-cluster, minc-fips, pgwatch, jobset-fips, kubernetes-ingress-defaultbackend-fips, crossplane-provider-aws-cognitoidp-fips, crossplane-provider-aws-ssm, apache-exporter, nri-mongodb, cluster-api-provider-vsphere, yunikorn-k8shim,...

CVE-2026-35480 vulnerabilities

Vulnerabilities for packages: spegel, k3s, ipfs-cluster...

GHSA-378J-3JFJ-8R9F vulnerabilities

Vulnerabilities for packages: spegel, k3s, ipfs-cluster...

blake-streams (=0.1.0), fuel-p2p (>=0.4.0 <=0.5.0) +8 more potentially affected by CVE-2026-34219 via libp2p-gossipsub (>=0.29.0 <=0.35.0)

libp2p-gossipsub CARGO version =0.29.0, =0.4.0, =0.20.0, =0.36.0, =0.16.0, =0.1.0, =0.1.1, =0.2.0, =0.39.1, =0.39.3 Source cves: CVE-2026-34219 Source advisory: OSV:GHSA-XQMP-FXGV-XVQ5...

Malicious Package

Overview @solana-ipfs/sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-2218 Malicious code in @solana-ipfs/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 767b9130ad69548a70a52f86dfe12ae295731bb407cba85504eb9e02c56d64a3 The package @solana-ipfs/sdk was found to contain malicious code. Source: ghsa-malware 980d6b7d6391f5f58861078fac68f9222d3365190f1482debece7ae55b0170...

Malicious Package

Overview @pumpfun-ipfs/sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-2216 Malicious code in @pumpfun-ipfs/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21604418f7961773b23e7b3544ca95874cba1432a87ae6d4127531e651133f78 The package @pumpfun-ipfs/sdk was found to contain malicious code. Source: ghsa-malware...