311907 matches found
Malicious Package
Overview characterai-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in agoda-dep-confusion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector faa0bc71a76133f8ba2469aab72a42ed605c22eaf6a3816754f5dff2cb21fa87 The package agoda-dep-confusion was found to contain malicious code. Source: ghsa-malware...
Malicious code in yelp-react-component-rating (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 027bbca928c4c1696f388fbb2ac0ac3a7c74a29db1a6bb76b5c7431759c27421 The package yelp-react-component-rating was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2127 Malicious code in agoda-test-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61298c02c98b568b7b2735848ed2087ced94165a58e6602af9769d359b279056 The package agoda-test-poc was found to contain malicious code. Source: ghsa-malware f1dc100458bb8a2a4c1831d2a680b7895085adc4bb5fa5c90701f52b1165eb8d...
Malicious code in yelp-react-component-photo-upload (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32e7f0c90df117fd4748129db7ebb37ee6519a0f8ace68bbd197b8f6658da7ee The package yelp-react-component-photo-upload was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2134 Malicious code in yelp-biz-action-constants-js-generated (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 063bb3466bef20db9d0f0c8436b384fe8b498ccceef3993ab43e0482b43efc40 The package yelp-biz-action-constants-js-generated was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2135 Malicious code in yelp-react-component-photo-upload (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32e7f0c90df117fd4748129db7ebb37ee6519a0f8ace68bbd197b8f6658da7ee The package yelp-react-component-photo-upload was found to contain malicious code. Source: ghsa-malware...
Malicious code in nemo-fpti (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d59bda0a25d9b656075c91322ff0c7a8463b743465176a358265f7fb35710b98 The package nemo-fpti was found to contain malicious code. Source: ghsa-malware 7e5357f25ae0271690f061e93dc85be49cf6ebe3ccd0d09110524b0fcbb30ee3 Any...
Malicious code in server-fpti (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b90fb70466093bba29ed5b8f62a9734b95ff7011add06482beec9546984f11c3 The package server-fpti was found to contain malicious code. Source: ghsa-malware 59d0d75db844e966a9f5cc0e311ca6f2385abdf95ca0ee2387c23be8342f0fb2 An...
MAL-2026-2133 Malicious code in server-fpti (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b90fb70466093bba29ed5b8f62a9734b95ff7011add06482beec9546984f11c3 The package server-fpti was found to contain malicious code. Source: ghsa-malware 59d0d75db844e966a9f5cc0e311ca6f2385abdf95ca0ee2387c23be8342f0fb2 An...
MAL-2026-2144 Malicious code in litellm (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 6a89401cbf53902e8374fbf3b424a77bb5e5f8c437176232eab7c3237d10ecbe LiteLLM was compromised through trivy security scan in a GitHub workflow. Attackers uploaded malicious versions of LiteLLM to PyPI. The...
Malicious code in customerdigital-ui-components-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70a8c957edf16da956a7859c7a0e1d8accbe84824b88f1f19f70a01acd07b729 The package customerdigital-ui-components-lib was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2125 Malicious code in customerdigital-ui-components-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70a8c957edf16da956a7859c7a0e1d8accbe84824b88f1f19f70a01acd07b729 The package customerdigital-ui-components-lib was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2412 Malicious code in @wame/ngx-frf-utilities (npm)
Malicious package due to JS obfuscation, dynamic code execution, OS/DNS access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfa63e93a0b5a6ead3de9d3680bb75a023c43b59c6db80e0072b6a239cb7d5da The package...
MAL-2026-2411 Malicious code in @wame/ngx-adfs (npm)
Malicious package due to hex obfuscation, dynamic module loading, process access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee67ae68f066d11c3e0625e260c588df3d43384ae91fe74292977ea5304684d9 The package...
Malicious code in @the-coca-cola-company/ngps-global-common-utils (npm)
Malicious post-install script combined with low project popularity indicates potential malware. Arbitrary code execution is a major concern. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ebe31c5bb51c354ed83627a02c11ca4c8541e042623b1b987255941ffafdaff The...
Malicious code in @phonos/types (npm)
Multiple evidences indicate malicious behavior: obfuscation, suspicious install script, access to sensitive functionalities, and untrustworthy source. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8c10ea271203f85e595559214b08565cef54710fcc605eca02483606041cf5...
MAL-2026-2409 Malicious code in @phonos/types (npm)
Multiple evidences indicate malicious behavior: obfuscation, suspicious install script, access to sensitive functionalities, and untrustworthy source. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8c10ea271203f85e595559214b08565cef54710fcc605eca02483606041cf5...
Malicious code in oc-ccp-module-client (npm)
Malware due to hex obfuscation, suspicious install script, dynamic module loading, OS command access, process object access, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2b4b9cee1369c441aa8d759bc04085a8e2b14786df20656a8c6bc249e6260...
MAL-2026-2223 Malicious code in cr-static-shared-components (npm)
Malicious package due to code obfuscation, dynamic module loading, suspicious email, and arbitrary code execution during installation. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fcc8531926534d3d87af7c173bfaba5f563bdbbc6ae8293de0150a0f00ba205 The package...