848 matches found
MAL-2026-3302 Malicious code in ally-starter-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac9875cbfe312bac49b96d321664e13d98ff6214d38db1d0b3339500a83204cc The package ally-starter-api was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in ally-forms (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3b62d3c11f608087ea0651eb467ec7e0c9e43258abb6df889f64c8d1a6eb61 The package ally-forms was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3300 Malicious code in ally-forms (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3b62d3c11f608087ea0651eb467ec7e0c9e43258abb6df889f64c8d1a6eb61 The package ally-forms was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3234 Malicious code in apexpro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80f8783908329ceda250d21f3d9d39a117f80f8ca55c400c72065449d2a0bc1c The package apexpro was found to contain malicious code. Source: ghsa-malware fb2932c368cbb684114a08865c171d8af11aa8af3738e7d156f5692beccd48d5 Any...
CVE-2026-35233
An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range shlink field. When root-level dtrace attaches to -- or instruments -- that process via dtrace -p , pid probes, or USDT, the ELF parser reads heap memory beyond the allocated section cach...
Malicious code in apple-internal-security-audit-v99 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85c1a320034eadbc47dbe12b147164f4b003babca198b527d6b725a9f891f188 The package apple-internal-security-audit-v99 was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3305 Malicious code in apple-internal-security-audit-v99 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85c1a320034eadbc47dbe12b147164f4b003babca198b527d6b725a9f891f188 The package apple-internal-security-audit-v99 was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3186 Malicious code in ac-sasskit-beta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f511f3bd2772e3721f69519323ae4557eb447a809eef469c46a1c500fe96c1c0 The package ac-sasskit-beta was found to contain malicious code. Source: ghsa-malware 1873c549998c97b796fea0e8381c73ed62d3517f9eac35919b3225ad2a2f454...
MAL-2026-3140 Malicious code in fivem-monitor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46a604a0acf84f672e7a3235e103f365f9d9f704c96faa12dcb5b9b0a9806004 The package fivem-monitor was found to contain malicious code. Source: ghsa-malware bea91e9a2c853e88f029684fb53cecc15f1960b1ccafb583b1da52a754f9ee4d...
Malicious code in @pyme-web/web-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e52ac4b8d97b81cff5824f4ddc38897183df4e20ecd3f1e7df62e8f6645f236a The package @pyme-web/web-api was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3119 Malicious code in @pyme-web/ui-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a73f6d1f150b07a8023fdef84fc4cc091a7cecbed37ff3364bfb328747951526 The package @pyme-web/ui-widget was found to contain malicious code. Source: ghsa-malware...
Malicious code in @taxmoninor/taxmon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42f9358f8af80b7021c6d4bb86f10796de5ad8ef2ec941d0057954b9e6a18355 The package @taxmoninor/taxmon was found to contain malicious code. Source: ghsa-malware...
Malicious code in @activation_code/success (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d00bacff8cfa3ae8a22cfb51c4be0ad025ce42bc29929c07a7eaad6be36c702c The package @activationcode/success was found to contain malicious code. Source: ghsa-malware...
Malicious code in @activation_code/activate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 051c685a7704a23fd8a744185c9b8551c7acda63ebf95feabd3ca4b9e1f8ede6 The package @activationcode/activate was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3106 Malicious code in @activation_code/activate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 051c685a7704a23fd8a744185c9b8551c7acda63ebf95feabd3ca4b9e1f8ede6 The package @activationcode/activate was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3107 Malicious code in @activation_code/error (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fec73b17468bf333bb1bf6a071209103b774e371dfbf9961ad522dbd006fff7d The package @activationcode/error was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3114 Malicious code in @apple-pay-trust/finish (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9abd2d210c4a5df0e95f326e80b2e6618647c03ba4158e1d6ffbd36d9f7b800a The package @apple-pay-trust/finish was found to contain malicious code. Source: ghsa-malware...
Malicious code in @apple-pay-trust/check-apple-pay-result (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e1519a2b638e44ce9001f6e843a09909254897aa84597b6476e1004efbf0a16 The package @apple-pay-trust/check-apple-pay-result was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3124 Malicious code in apple-internal-dev-check (npm)
Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...
Malicious code in @clearpool/streaming (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector febaceb862fd80f68bdcefbbed2667f056ba0b09cc0607d92962dd0d1c2a8b5d The package @clearpool/streaming was found to contain malicious code. Source: ghsa-malware...