311862 matches found
MAL-2026-4195 Malicious code in instal (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 988f86dc0694b7d27a640809cef5d04ed431a36bb02bb02e69e20724a20db2b9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-4499 Malicious code in bolt-delivery-menu-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc39247db76b4edd80084e400324518739f141dafda621d368c3e5a9ac41f791 Package executes a DNS-based beacon at both install time package.json scripts.install runs node index.js and on every require of the module...
Malicious code in @saidddddddddd/somethingelse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10c6c962a47a7992e9b415754433ca28aec0b867273e477fdc76acc96688554d Package ships multiple multi-file randomly-named JavaScript bundles at the tarball root dist/0wj8nina9p.js, dist/g2gldlcg6a.js, dist/k72k75nqjc.js,...
MAL-2026-4430 Malicious code in @saidddddddddd/somethingelse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10c6c962a47a7992e9b415754433ca28aec0b867273e477fdc76acc96688554d Package ships multiple multi-file randomly-named JavaScript bundles at the tarball root dist/0wj8nina9p.js, dist/g2gldlcg6a.js, dist/k72k75nqjc.js,...
Embedded Malicious Code
Overview art-template is a simple and superfast templating engine that optimizes template rendering speed by scope pre-declared technique, hence achieving runtime performance which is close to the limits of JavaScript. At the same time, it supports both NodeJS and browser. Affected versions of th...
MAL-2026-4433 Malicious code in @self-evolving-harness/kivo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce31b5c287727dabb5479a114843b06b80bbd75db10d74014a00db80b9b321bd The package's LLM pipeline Kivo.ingest → value-gate → OpenAILLMProvider resolves its endpoint via resolveLlmConfig in...
Malicious code in @doctolib-apps/native-personalized-services (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac2da4b8de2ea081f8fe7b84ef6182ab363616dc0515aaa03368bcba4a4b8e76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview iv-stubborn is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
MAL-2026-4186 Malicious code in @doctolib-apps/native-personalized-services (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac2da4b8de2ea081f8fe7b84ef6182ab363616dc0515aaa03368bcba4a4b8e76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4191 Malicious code in iv-bloomfilter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7f2a3b58036e1174efe383ee906172b07f9ddc3410d913e51b4e614f9ff09ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4192 Malicious code in iv-stubborn (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b8934157781e3457974f0609c54f14503424c9077b316f2e8e843e454989922 On npm install, both preinstall and postinstall lifecycle hooks execute index.js, which collects the installer's hostname, all non-internal network...
Malicious code in @limebike/frontend-core-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e6a8b7768f00cc5d468fe7a21f8792da1970b60e5ccbad17eefeda1a8d5b3d Package squats the @limebike npm scope and ships a preinstall/postinstall hook node index.js that, on npm install, collects hostname, non-internal...
MAL-2026-4187 Malicious code in @limebike/frontend-core-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e6a8b7768f00cc5d468fe7a21f8792da1970b60e5ccbad17eefeda1a8d5b3d Package squats the @limebike npm scope and ships a preinstall/postinstall hook node index.js that, on npm install, collects hostname, non-internal...
Malicious code in @budetzz/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c79c7b873a8ea61831fdfd7b987de0efbf8944d2fd407a8dca4b70042a3d029c This package is a republished fork of @whiskeysockets/baileys that adds two undocumented network behaviors. 1 lib/Socket/newsletter.js line 111...
Malicious code in @limebike/supreme-data-grid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 018193d4f68c2fcaad63da76c3c125ed94d5a6da1efaab85147ff59efafa0b46 @limebike/supreme-data-grid occupies the @limebike npm scope private-looking namespace with placeholder metadata and a README stating 'Claimed by...
MAL-2026-4189 Malicious code in @limebike/supreme-data-grid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 018193d4f68c2fcaad63da76c3c125ed94d5a6da1efaab85147ff59efafa0b46 @limebike/supreme-data-grid occupies the @limebike npm scope private-looking namespace with placeholder metadata and a README stating 'Claimed by...
Malicious code in banana-stand (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab14273a518e66f357d229806e82cb2f4ce211cae4bc5de0f2d15eeab67fb720 On npm install, the package's install lifecycle hook runs node index.js, which loads lib/core.js. That module reads os.userInfo.username, os.hostname...
MAL-2026-4190 Malicious code in @limebike/supreme-date-pickers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c82e94fac384ea6891e5aea99635ab429663e321502acbbc9eaaf81864e0d5e On npm install, both preinstall and postinstall hooks execute index.js, which collects the installer's hostname, all non-internal network interface I...
Malicious code in @scp3500/openvl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fee1ab6796d8af462e9f00e82a28545b72eae4d9d9f0ab0f36ca4b09cd29487c scripts/mcpserver.js loads childprocess, fs, and http, reads from process.env, and issues HTTP POST requests to a hardcoded external destination at...
MAL-2026-4431 Malicious code in @scp3500/openvl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fee1ab6796d8af462e9f00e82a28545b72eae4d9d9f0ab0f36ca4b09cd29487c scripts/mcpserver.js loads childprocess, fs, and http, reads from process.env, and issues HTTP POST requests to a hardcoded external destination at...