MAL-2026-889 Malicious code in responses-starter-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83a4aedeb600114d998f8a0351978f589d1d3e9d55ebe061e7d25e95db19d2c7 The package responses-starter-app was found to contain malicious code. Source: ghsa-malware...

MAL-2026-887 Malicious code in pyrefly (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f731c9ac1e4183a530b005b34a0e1331b1dc61ef8fc60aea56170766e444a48e The package pyrefly was found to contain malicious code. Source: ghsa-malware 588445ae77d1fbd6e2123a29bd2331067492d3a518d7dbbc3a1d57a400622e83 Any...

Malicious code in hxz-protection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13dc9932ef1f00aa6dc52dbc5bbb2a7b4096ff94d4dc575903837159d377ba18 The package hxz-protection was found to contain malicious code. Source: ghsa-malware bbf0a8985b32c32401ddf04b75ef930250aab926a54a6ae5dfce381386eb0876...

MAL-2026-884 Malicious code in hxz-protection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13dc9932ef1f00aa6dc52dbc5bbb2a7b4096ff94d4dc575903837159d377ba18 The package hxz-protection was found to contain malicious code. Source: ghsa-malware bbf0a8985b32c32401ddf04b75ef930250aab926a54a6ae5dfce381386eb0876...

MAL-2026-891 Malicious code in wropz-6module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b88cb695572ff176899ffcf9aed27987ea204493850e0bf4b17537d50b93dd59 The package wropz-6module was found to contain malicious code. Source: ghsa-malware 38cd1d5c8154310330369a075368b8556bcffed70470476c894f5d4feb1a2bae...

Malicious code in wropz-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48a8b0a5b3f12323a6bbc3014fa023b370236b8874253a47ed61930d4bbcee4d The package wropz-module was found to contain malicious code. Source: ghsa-malware fbe5a4f55692f6a9db6c052776dc2fcfd3825f7da077f3e45b67466cd4059bd0 A...

Malicious code in console-style-pro0o0o0o (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fe7407a5523ef7efe6bec615d9601fe978b9e5de59d19d7e8e2ff054c5e09e9 The package console-style-pro0o0o0o was found to contain malicious code. Source: ghsa-malware...

Malicious code in xsstesting (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f21a18d9a86ac4934f1f0b7970e4530834a2fedfa1c2c3abbd3e2d3e3c664f9 The package xsstesting was found to contain malicious code. Source: ghsa-malware f0cd84b068f1b6a6bf2ac129128c0e052ca218788bc569eedce535a479333fc4 Any...

Malicious Package

Overview xsstesting is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

MAL-2026-885 Malicious code in metadata-stripper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8c267045a16bae6cd73d8221edda625cfc4c3492849b92a48065fd3cbb2723a The package metadata-stripper was found to contain malicious code. Source: ghsa-malware...

MAL-2026-893 Malicious code in xsstesting (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f21a18d9a86ac4934f1f0b7970e4530834a2fedfa1c2c3abbd3e2d3e3c664f9 The package xsstesting was found to contain malicious code. Source: ghsa-malware f0cd84b068f1b6a6bf2ac129128c0e052ca218788bc569eedce535a479333fc4 Any...

MAL-2026-882 Malicious code in despicable-me (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80a6021ab3cbadc4a7b2c84dee85c1da3a01ecbab1b0a3b1e8aa1f6835a818ca The package despicable-me was found to contain malicious code. Source: ghsa-malware 8919618889f25d842da82fbc9462b9c95cfdcc8aaf393841f00b952d6f2e71f1...

CVE-2020-37167

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...

`finch_cli_rust` was removed from crates.io for malicious code

This attempts to typosquat the existing crate finchcli to steal credentials from local files. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 18 times. There were no crates depending on this crate on crates.io. Thanks to Matthias Zepper of NGI Sweden for reportin...

GHSA-XP79-9MXW-878J `finch-rst` was removed from crates.io for malicious code

This attempts to typosquat the existing crate finch to steal credentials from local files. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 21 times. There were no crates depending on this crate on crates.io. Thanks to Matthias Zepper of NGI Sweden for reporting...

Malicious code in stylelint-recommended (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3f0d274dda57eb9c09967bc0bfad1709fd8ddcbf3ec4c0e7e9828826e6d0d9a The package stylelint-recommended was found to contain malicious code. Source: ghsa-malware...

MAL-2026-872 Malicious code in stylelint-recommended (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3f0d274dda57eb9c09967bc0bfad1709fd8ddcbf3ec4c0e7e9828826e6d0d9a The package stylelint-recommended was found to contain malicious code. Source: ghsa-malware...

Malicious code in ether-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91fd63bfdad336609f23485d2ef2ac2140053efbfb31aa2bec1811be7139db95 The package ether-lint was found to contain malicious code. Source: ghsa-malware c8e14ef98aaca0dc035a27f9edd6286e29e73d16c2b4e7c98ab1afe1e4740e35 Any...

Malicious code in oraceldb (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 723248915f1acb6de7c5bed00d0d554ced6b8cd6359d79436c8ab02f49f18360 Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...

Malicious code in pydantics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dda36b358c57e79abf804d53d4750cf2836f930b07aa524c0b5c4d231d92143f Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...