MAL-2026-3601 Malicious code in @ml-toolkit-ts/preprocessing (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

MAL-2026-3593 Malicious code in @dirigible-ai/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

MAL-2026-3597 Malicious code in @draftlab/auth-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

MAL-2026-3594 Malicious code in @draftauth/client (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

MAL-2026-3602 Malicious code in @ml-toolkit-ts/xgboost (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

Malicious code in @uipath/widget.sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e72fd5223273f42c47db6b5b8217e2cdce8589d9cf9545621606c249facc6ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3587 Malicious code in @uipath/widget.sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e72fd5223273f42c47db6b5b8217e2cdce8589d9cf9545621606c249facc6ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3586 Malicious code in @uipath/vss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfeb2de2eaeb02a5d8f7ce7edf48891f2dad988fb8fd5ed5b26e7c7118f3c9cc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3585 Malicious code in @uipath/vertical-solutions-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76957e857334423d0c1f4100218bb5856183968cc9475481adecdf97eac57796 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/test-manager-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f31efe85854bdd27afe6808efd0ba0008d127f32a645708688158673d2be586e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3579 Malicious code in @uipath/telemetry (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91d05751804316999a3882b1e43e61e9b9844220d8994bdc3d9dcfa25edd5a3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/solutionpackager-tool-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11eac97c9e1f9a26a36eb6395e45d059f5821d47b84fd3f90b62d0c5f6698b96 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3577 Malicious code in @uipath/solutionpackager-tool-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11eac97c9e1f9a26a36eb6395e45d059f5821d47b84fd3f90b62d0c5f6698b96 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/solutionpackager-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64274b915ff6e2c5965c334cc5b2a7dca56efe8c3021c83e45d0269a9391345f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3575 Malicious code in @uipath/solution-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54c97ae73d789e83ab3e7d3a4aa60b13004ed8ddfba42a1b2941598b16e6ade5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3574 Malicious code in @uipath/solution-packager (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6487ed6520bb356b10f79e676ab8025235c19230de13836f08cf630171420426 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/solution-packager (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6487ed6520bb356b10f79e676ab8025235c19230de13836f08cf630171420426 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3573 Malicious code in @uipath/rpa-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27baf6f8e722fd9803bff5f0d455ae5867fcf87135864df02a6f269cccf659fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/rpa-legacy-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d4b6219eecb1a7c42be7dd373aba1a49cc25afcadaabb38d6ebf90522094568 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3572 Malicious code in @uipath/rpa-legacy-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d4b6219eecb1a7c42be7dd373aba1a49cc25afcadaabb38d6ebf90522094568 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...