Malicious code in zer0one-dnslog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 903c45d49e6716373a67196c41e8acfbf8afa3320a635380ffe3403e8f127605 The package is published as a 'simple date formatting utility' but ships a postinstall payload that, on npm install, runs a curl pipeline against clo...

MAL-2026-5087 Malicious code in buffer-utilities (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3cf478b4c7637e44008fcc4590911059673b2efa3b3e956676ca18e5462c3d5 buffer-utilities impersonates the legitimate buffer package by Feross Aboukhadijeh, copying its name, email, homepage, and GitHub repo metadata, and...

MAL-2026-4344 Malicious code in verify-mycommand (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f94ffb54a2471d0cc94ce1ea88f741e034221a374f17bfadbd609cb22f14f24 On npm install, postinstall.js executes whoami and id, collects host identity hostname, platform, cwd and CI metadata CI, GITHUBREPOSITORY, NODEENV...

Malicious code in power-apps (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f68653eed66e7343973bc919788864990337f7645072d32a9d7465d4bf4ff4e7 On npm install, postinstall.js executes whoami, id, and reads os.hostname, os.platform, process.cwd, and CI/GitHub environment variables, then sends...

Malicious code in secdriven (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e64bd0b65a5cddc6e2032cfdd0a23f06c980a25066490b223d07e1b2e4efe3d8 On npm install, postinstall.js executes whoami via childprocess and reads os.hostname, os.platform, the working directory, and CI / GITHUBREPOSITORY...

Malicious code in did-0091 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a50f30be232b343bc9dff677d6c208f16fff861009dccc9f76409d37264205b On npm install, the package's postinstall script runs node -e to fetch the installer's public IP from api.ipify.org, execute id || ver && whoami &&...

MAL-2026-4160 Malicious code in @apps-home-dashboard/events (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc0d8563d3400388ed59cbe3c7f24298ca289895f3633ff4cf1f179d82cda799 The package @apps-home-dashboard/events was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3817 Malicious code in apex-trading (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7cf744353f06f389c92cd15c56bf0ec7d29860e8af7c9618413cf65e455428eb The package apex-trading was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3721 Malicious code in npmjs_ethers-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97aa3b72d45b1d6c6dc376c60b00c8c1fe60a9664d6767ffa64ba0ca1a4cf1b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3717 Malicious code in truffle-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52bd5b41de871fbbc8c5895f63dfec08ba2ff6ecb9ea03fa6fdb5d9245c74616 The package.json lifecycle script invokes require'childprocess'.execSync with a curl command at install time. Running curl through childprocess durin...

MAL-2026-3653 Malicious code in @design-system-coopeuch/web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a871445c3913d747a2f1383bcfdac02d6dec26ddb2053260340284cf4ee02233 Package @design-system-coopeuch/[email protected] is a dependency-confusion squat of an internal-looking scope, published at an inflated 999.x version to...

MAL-2026-3592 Malicious code in hedwig-tsconfig (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1a650b67b76184573f147a7b286249b1de734cfa85647aea9a9bea3284e155f8 The OpenSSF Package Analysis project identified 'hedwig-tsconfig' @ 99.8.1 npm as malicious. It is considered malicious because: - The package...

CVE-2026-3828

Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...

MAL-2026-3415 Malicious code in ac-sasskit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8d0a627b8de0f6fc1b418dbc3f6242c1b3c4a0e39e5de9d6b70edce441d72db The package ac-sasskit was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in rsflows-pexml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ef5b11ec067e18cc3a024fee21e569e0f44cf180619e974cbb1dd8325e1b10c The package rsflows-pexml was found to contain malicious code. Source: ghsa-malware f1f4ac6cd17db4404613301b8405f7033d584985cb52af8c0aee3042bc1c0c8d...

Malicious code in @rsi-community/hub-schema (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d578b50b6334d8e8034b40a4820513fe79475d3466f3cc9c1bc71a619fc3b0a The package @rsi-community/hub-schema was found to contain malicious code. Source: ghsa-malware...

Malicious code in oneblk-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f46bbc3e155a30851463f65a3f9d5af33ebd5172df5ad70f7b022a77448fc6eb The package oneblk-design-system was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in mrdaa-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 757aca74d8d75ecde7421f2c632969a5b34c11a279d9d28b75755c2ca0825ceb The package mrdaa-frontend was found to contain malicious code. Source: ghsa-malware 0b6c586cd7adad52516658de8bbb3eb18f166350414f223fd73fe34a240d6948...

MAL-2026-3363 Malicious code in mrdaa-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 757aca74d8d75ecde7421f2c632969a5b34c11a279d9d28b75755c2ca0825ceb The package mrdaa-frontend was found to contain malicious code. Source: ghsa-malware 0b6c586cd7adad52516658de8bbb3eb18f166350414f223fd73fe34a240d6948...

Command Injection

Overview @evomap/evolver is an A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol GEP for auditable, reusable evolution assets. Affected versions of this package are vulnerable to Command Injection via the runInSandbox function. An...