311901 matches found
Malicious code in pearpass-lib-vault (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9729170ea50dd87efd7011a6f482d6ddae18cb1c53f5fd755c3ce10f9e23448 The package pearpass-lib-vault was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1238 Malicious code in pearpass-lib-vault (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9729170ea50dd87efd7011a6f482d6ddae18cb1c53f5fd755c3ce10f9e23448 The package pearpass-lib-vault was found to contain malicious code. Source: ghsa-malware...
Malicious code in pearpass-lib-vault-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ea7f0d3f5aeb68d46d1b2937e4f8ae385bbf4259cc518a7a27c72cc0068610f The package pearpass-lib-vault-core was found to contain malicious code. Source: ghsa-malware...
Malicious code in qwery-core (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c4861116d64db41be8bae04818ecc9f3542fe4bc30055d57588f6f23c11149f3 Obfuscated downloader of encrypted code, compiled to native binary. The remote URL has to be provided to the binary. Likely impersonates legitimate npm library...
Malicious code in corp-build-utils-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 862b2e0a8f0028f96ee10ab1a7c8ea0fc397169634a9473a09865a173c483c92 The package corp-build-utils-poc was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1220 Malicious code in corp-build-utils-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 862b2e0a8f0028f96ee10ab1a7c8ea0fc397169634a9473a09865a173c483c92 The package corp-build-utils-poc was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1221 Malicious code in xrpl-dev-portal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e19d7ccfb5e9bebce90f062b458b8ac38691519308db3cb6bf846b54a387dad9 The package xrpl-dev-portal was found to contain malicious code. Source: ghsa-malware 4fda3daad7ee020ce9cee13e48a40a89de8040cc479f0c4ac9687198ccd576c...
MAL-2026-1219 Malicious code in demo-pipelinetest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cdbe67e8fa0e92aa8f588916bbaf7b0c041cd6613636172f671c1a6251df15e The package demo-pipelinetest was found to contain malicious code. Source: ghsa-malware...
Malicious code in @vk-cloud-billing/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78b5a4d83fe25260e7b73b7d40a2d8827f8ebe841ace75e3f03140b4861eb836 The package @vk-cloud-billing/common was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1217 Malicious code in @vk-cloud-billing/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78b5a4d83fe25260e7b73b7d40a2d8827f8ebe841ace75e3f03140b4861eb836 The package @vk-cloud-billing/common was found to contain malicious code. Source: ghsa-malware...
Malicious code in chai-as-confirmed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2168a933bb356d4df8f0bdf1f0bbdcf7f8adc5622ed08ca11646b762c1ffd313 The package chai-as-confirmed was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1218 Malicious code in chai-as-confirmed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2168a933bb356d4df8f0bdf1f0bbdcf7f8adc5622ed08ca11646b762c1ffd313 The package chai-as-confirmed was found to contain malicious code. Source: ghsa-malware...
`time_calibrator` was removed from crates.io due to malicious code
It was reported timecalibrator contained malicious code, that would try to upload .env files to a server. The malicious crate had only 1 version published at 2026-02-28 and no evidence of actual usage. The crate was removed from crates.io and the user account was locked. There were no crates...
RUSTSEC-2026-0030 `time_calibrator` was removed from crates.io due to malicious code
It was reported timecalibrator contained malicious code, that would try to upload .env files to a server. The malicious crate had only 1 version published at 2026-02-28 and no evidence of actual usage. The crate was removed from crates.io and the user account was locked. There were no crates...
MAL-2026-1227 Malicious code in gaia-marionette (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81308c35c4cad5bf3f87f791133f9aff53485b715060135829785be1d33b2e1d The package gaia-marionette was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in polmarket (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11f6a7f9b6e3b1841c2ab98dd4f2b65abf89d0ff9632d58fe14a1b2b9f5ac846 The package polmarket was found to contain malicious code. Source: ghsa-malware be6a87de77c124ff75dbce268ef62ae226ca99de2026d5178d14f6b38ba0888b Any...
Malicious code in polymarket-trade-bot-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1202bbcaa78670992217c3ebaa55bb6edc17c6cb454209114639b680032d068f The package polymarket-trade-bot-api was found to contain malicious code. Source: ghsa-malware...
Malicious code in whop-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 943bd287cb6375798fdee15ba33f85737201ea9934952ee5d1f2a2336e8cd65c The package whop-sdk was found to contain malicious code. Source: ghsa-malware 4c3e9ca78194532c222b978afd00f7bb4be1ca1ba6cd442e1892d17ee6e67ccc Any...
MAL-2026-1215 Malicious code in whop-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 943bd287cb6375798fdee15ba33f85737201ea9934952ee5d1f2a2336e8cd65c The package whop-sdk was found to contain malicious code. Source: ghsa-malware 4c3e9ca78194532c222b978afd00f7bb4be1ca1ba6cd442e1892d17ee6e67ccc Any...
MAL-2026-1203 Malicious code in polmarket (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11f6a7f9b6e3b1841c2ab98dd4f2b65abf89d0ff9632d58fe14a1b2b9f5ac846 The package polmarket was found to contain malicious code. Source: ghsa-malware be6a87de77c124ff75dbce268ef62ae226ca99de2026d5178d14f6b38ba0888b Any...