19 matches found
Malicious code in @content-editor/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af120addbb0e18e1202a82729c25dc190dba070fee695cc22bcb91c7eea6ad25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ts-ecro-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86149b041033a917b3b743b9381a14368e79015385b27b89429cf7f6a35d0d30 No suspicious behaviors were identified in this package version. There are no lifecycle hook hazards, no outbound network calls to attacker-controlle...
MAL-2026-5111 Malicious code in @redhat-cloud-services/chrome (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in foundry-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4918af978c72d6459e02a9d0b1114f54cde7f3973b1cc3f61b497a0575269592 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in secguest-react-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b76ab99d9a667e9700bb0176dde546ff3748b742775ea322766035a730391891 The package secguest-react-lib was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191044 Malicious code in @opentermsarchive/engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b65f79ad38dfbbbddd8ec94c40721b2c951c3bf7c76de5e109d75cd20ab25bd5 The package @opentermsarchive/engine was found to contain malicious code. Source: ghsa-malware...
Malicious code in generator-meteor-stock (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 678199611d26a80c99b9cad377ac570dda69e8bc8ed1114a1178d98c2c611973 The package generator-meteor-stock was found to contain malicious code. Source: ghsa-malware...
MAL-2025-48420 Malicious code in curve-ui-kit-security-notice (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0fb2012407c0ff7c7e2c1a915c8ad608d1b47a31f725b9a9e68d652ad55bfcc8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in env-info-checker-kyy3w4fiurevd8uy43wfre (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d6fb3feadb029e83e642c54a8ffc29782d65e981a2bd769dc972463231215b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in eipsend (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3604c7d9351ed524566db2c93f9e4a9138606327e884352f93f2efab29494390 Any computer that has this package installed or running should be considered...
Malicious code in parcel-plugin-lighterhtm (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 415194ea6ab6f715cf5f3ce8ee4f2b08597339fa35641457a333aed6ff9109a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/veritatis-sapiente (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46428410c5596e80d81f26d80e3d107c1bcc6f4026b07bab528cc6a10f31a20c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in side-view (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9233d92d37692726bc693958e27369fe68aa103372f8d54bc94628aa64e1bfc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in trip-component-platform-online-usp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6a881b5f34acb08b303ac7f027ae585053ffab51b72cfa79a2bb4b4cbdf3f55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-6700 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b003db2f89d03089a7921f18ce18b4c615f287012a31556c0bc4dca22a1783d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in belzqadykjcpmwsk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c7730c3f7dcee46f451b4f9c536c4d3cdb3c9c3555cd8a2c3c5028eaf8e4aa20 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @bootstrap-base-managed-designs/bootstrap-nabtraderedesign (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2fc127911008a6a4194140c869a9377e883f51d9889ce293306ec1e2c0a16683 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wix-events-backend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f2c8042b735fab012588f30c2f58b93feeda458483e6bbf0bfffb5694a59a258 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in gulp-browserify-thin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6ef843cda125c2cda337af64084a57a7a79a488e977a9ec4ca912704ab2059c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...