31 matches found
MAL-2026-5259 Malicious code in github-archiver (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
MAL-2025-191318 Malicious code in @silgi/ratelimit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 422196a67d61d4d71d26fc505d10b7d141fb54310ecab586ff0320d42f395509 The package @silgi/ratelimit was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191298 Malicious code in @posthog/postgres-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10be24eebbc464a61788d5c151ce03171d4abe4b1cd7f27972fef642fc46deda The package @posthog/postgres-plugin was found to contain malicious code. Source: google-open-source-security...
Malicious code in @voiceflow/anthropic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5894ea8ba7ea0e9636e873dae07eb97fdcf83510f4e7a28b23f1d0b2e0a0afe0 The package @voiceflow/anthropic was found to contain malicious code. Source: google-open-source-security...
Malicious code in valuedex-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7604b9b49dff9ce4a66119dcd337c975d53e669752a1964d523b95bce8b96761 The package valuedex-sdk was found to contain malicious code. Source: ghsa-malware 14bcd330b75ba074bb0ea2ba295bf74570677a718d844ef4f7e18fbd051594da A...
Malicious code in @silgi/openapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da37d75ae054be71f7d9d4913bf4e5b1c0e7249774278432c33d89d871d99f28 The package @silgi/openapi was found to contain malicious code. Source: ghsa-malware 3c5eda9815ba5af459be6844eab3b3e9f5cb4615e738904bd8214eb62a2c93e7...
MAL-2025-190976 Malicious code in mon-package-react-typescript (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22b741df148115219cefc4a7110caf4494a1b84698a1ffa9609550097e8f4894 The package mon-package-react-typescript was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...