312601 matches found
Malicious code in @sauruslord/libsignal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0c2cf2672d98396a7b66cb732741d269732f5faae72293ea46e06b879e7a45b Package name impersonates Open Whisper Systems' libsignal-node but ships unrelated code. On require of index.js, after a 1-second delay, install.js...
MAL-2026-10659 Malicious code in @sauruslord/libsignal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0c2cf2672d98396a7b66cb732741d269732f5faae72293ea46e06b879e7a45b Package name impersonates Open Whisper Systems' libsignal-node but ships unrelated code. On require of index.js, after a 1-second delay, install.js...
MAL-2026-10662 Malicious code in ssweb-wp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cdc75de95852418c3d695299d52199b24e52202b2e5595089b3107a73c1e86b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in sauruslord-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 474b90ec19af5dbbc5bf3c8d27c0c4d079c7d980d6e3316dad3bbf5682abbe52 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-10661 Malicious code in sauruslord-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 474b90ec19af5dbbc5bf3c8d27c0c4d079c7d980d6e3316dad3bbf5682abbe52 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion
A directory traversal vulnerability in the Preventive & Reservation compreventive component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1475 info: name: Joomla...
Malicious code in webpack-session-cache (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0007695a788bff7d6d0a87ee48de6771c12a1e21241bd3fc0bc7b5509608533e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-10648 Malicious code in @hkyyy/portal-widget-helper-0601 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f72e27d8bfbf5b9bfefe661d642be934399a38031c1bee028a20ed3282e0f482 The package has no real functionality — index.js only exports ok: true — and its sole effect is to run a postinstall reconnaissance script...
Malicious code in @hkyyy/portal-widget-helper-0601 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f72e27d8bfbf5b9bfefe661d642be934399a38031c1bee028a20ed3282e0f482 The package has no real functionality — index.js only exports ok: true — and its sole effect is to run a postinstall reconnaissance script...
MAL-2026-10625 Malicious code in @leviosa86com/leviosa86-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96264a8719e17bd8ec21d47213fe31dec87445e01ff312a1e46af5819e028979 Package @leviosa86com/[email protected] ships src/poc/index.js which shells out via childprocess.exec to collect host identifiers hostname, pwd,...
MAL-2026-10651 Malicious code in iwsdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66af3674e89512532e1448a9421b3318388094ff91bb2e8c32714670a7f5f2cc The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in install-skia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b665b508eeae9e0e619ed7b68e3a43248cd81d67d40a0516bbd62981ddb2359f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-10650 Malicious code in install-skia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b665b508eeae9e0e619ed7b68e3a43248cd81d67d40a0516bbd62981ddb2359f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-10598 Malicious code in monitoring-service-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fb0e7dea7e0302bc22488fbaf436dd36c0763f05ef494977822e8a1b7b3a1ab The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-10595 Malicious code in nodemon-plint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c287effa0f498762ab73bfc0e4428b4d0afbc05435b1613459f9024d0b97927 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in nodemon-plint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c287effa0f498762ab73bfc0e4428b4d0afbc05435b1613459f9024d0b97927 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-10591 Malicious code in solana-key-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...
MAL-2026-10580 Malicious code in ethers-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3959190c7c321e0d6f512b89b3c54a6399f3e6f7daecd0563ff753a6a6fed2f5 Package name typosquats the popular 'ethers' library. package.json declares a postinstall pointing at dist/index.min.js, whose sole top-level stateme...
MAL-2026-10558 Malicious code in akshajrawat.utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 105157af41712b64f8b36ec1cb01e28958e4ad828a0c08d0979a1f6e22d1f13d The package's package.json declares a postinstall lifecycle hook that runs automatically on npm install: node -e...
Malicious code in akshajrawat.utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 105157af41712b64f8b36ec1cb01e28958e4ad828a0c08d0979a1f6e22d1f13d The package's package.json declares a postinstall lifecycle hook that runs automatically on npm install: node -e...