13 matches found
MAL-2026-2584 Malicious code in @hpcc/js-api (npm)
Source: amazon-inspector 66d87d26a2f328414129f2abca4fe30a3f49afcefc1734ff29504b30e8e5e538 The package @hpcc/js-api was found to contain malicious code. Source: ghsa-malware baed13149b187a8ebee8b70891d8c38114a2f8c25e0048e5f2524ae8cb61217e A...
Malicious Package
Overview: @hpcc/js-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
@adobe-apimesh/mesh-builder (=1.4.0-beta.5), @akylas/nativescript-cli (>=8.7.2 <=8.8.2) +328 more potentially affected by CVE-2026-27904 via minimatch (>=7.0.0 <=7.4.6)
minimatch NPM version =7.0.0, =8.7.2, =5.5.0-682, =0.0.5, =0.0.6, =3.6.0, =2.6.0, =2.5.0, =3.6.0, =4.6.0, =1.11.0, =4.0.0, =2.0.7, =2.0.4, =1.2.1, =1.3.1 and more Source cves: CVE-2026-27904 Source advisory: OSV:GHSA-23C5-XMQV-RM74...
Malicious code in rdio-js-api (npm)
The package rdio-js-api was found to contain malicious code...
ourtunes (>=0.0.0 <=1.1.0), play-url (>=0.0.2 <=0.0.5) potentially affected by unknown CVE via rdio-js-api (=0.0.6)
rdio-js-api NPM version =0.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on rdio-js-api and may be impacted: - ourtunes =0.0.0, =0.0.2, =0.0.5 Source cves: unknown CVE Source advisory: OSV:MAL-2025-31754...
Malicious code in cortex-js-api (npm)
The package cortex-js-api was found to contain malicious code...
Malicious code in hease-js-api (npm)
The package hease-js-api was found to contain malicious code...
MAL-2025-17598 Malicious code in cortex-js-api (npm)
The package cortex-js-api was found to contain malicious code...
MAL-2025-31754 Malicious code in rdio-js-api (npm)
The package rdio-js-api was found to contain malicious code...
MAL-2025-22331 Malicious code in hease-js-api (npm)
The package hease-js-api was found to contain malicious code...
Mail.ru: Eval-based XSS in Game JS API (mailru.core.js) via cross-origin postMessage()
mailru.core.js as used by GMR/store.my.games application was vulnerable to XSS via PostMessage handler...
Google Chrome < 20.0.1132.43 Multiple Vulnerabilities
Buffer overflow
Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...