MAL-2026-3511 Malicious code in @mistralai/mistralai-azure (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af58e099ab615b8869cb741b5604f6becdf1e9d1d7c5ac326f9c4065f5f590f6 The package @mistralai/mistralai-azure was found to contain malicious code. Source: ghsa-malware...

Malicious code in yahoo-commerce (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3725b1c28bf27cb9ae988e61fc0c7b790b588587cef59086e7d63460f2241a9 The package yahoo-commerce was found to contain malicious code...

Malicious code in prometheus-analysis-1 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2026-495 Malicious code in h-jsencrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb69a1fb2f3c3ef16b7e30994095eb335b41563a498523667d83d60ed0c56c60 The package h-jsencrypt was found to contain malicious code. Source: ghsa-malware a2cacebaa99bf1715c395ba91c26e95c4ce77af5a16cbbcc4e5041c2a47b4143 An...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

EUVD-2025-198824

Malicious code in n8n-nodes-tmdb npm...

MAL-2025-190548 Malicious code in node-calculator-yktt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3a4c2bf374bfe7c2f8cf69a7d628dbcbb3716ea9cc863174110c09f490577c7 The package node-calculator-yktt was found to contain malicious code...

EUVD-2025-134790

Malicious code in anabuyil-na0n-nitnualuki npm...

EUVD-2025-134208

Malicious code in lookingan-jaja35 npm...

EUVD-2025-144072

Malicious code in nabuf-ogaf-doifaogako npm...

EUVD-2025-120233

Malicious code in xerxes-astro-axios-rocket npm...

EUVD-2025-102967

Malicious code in prospectivechickenz3n npm...

EUVD-2025-102632

Malicious code in riana-mendoan50-riris npm...

EUVD-2025-96312

Malicious code in nadia-serimuka24-breki npm...

EUVD-2025-104302

Malicious code in jaja-peyek59-breki npm...

EUVD-2025-105999

Malicious code in continuingguppyz3n npm...

EUVD-2025-105178

Malicious code in flutteringcarpz3n npm...

EUVD-2025-66021

Malicious code in tuti-asinan3-miaww npm...

EUVD-2025-86248

Malicious code in erick-rangi33-miaww npm...

Malicious code in zaki-klipo37-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a18cb050da2281dcadbb547c583cc492ef9714872ece392ccc8d753b22ab4812 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...