31 matches found
MAL-2026-5259 Malicious code in github-archiver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4d8f3a21af0a31a899de9e8eabd09e30c6e05e620ab3a7d7af420c34214898b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
MAL-2025-191318 Malicious code in @silgi/ratelimit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 422196a67d61d4d71d26fc505d10b7d141fb54310ecab586ff0320d42f395509 The package @silgi/ratelimit was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191298 Malicious code in @posthog/postgres-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10be24eebbc464a61788d5c151ce03171d4abe4b1cd7f27972fef642fc46deda The package @posthog/postgres-plugin was found to contain malicious code. Source: google-open-source-security...
Malicious code in @voiceflow/anthropic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5894ea8ba7ea0e9636e873dae07eb97fdcf83510f4e7a28b23f1d0b2e0a0afe0 The package @voiceflow/anthropic was found to contain malicious code. Source: google-open-source-security...
Malicious code in valuedex-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7604b9b49dff9ce4a66119dcd337c975d53e669752a1964d523b95bce8b96761 The package valuedex-sdk was found to contain malicious code. Source: ghsa-malware 14bcd330b75ba074bb0ea2ba295bf74570677a718d844ef4f7e18fbd051594da A...
Malicious code in @silgi/openapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da37d75ae054be71f7d9d4913bf4e5b1c0e7249774278432c33d89d871d99f28 The package @silgi/openapi was found to contain malicious code. Source: ghsa-malware 3c5eda9815ba5af459be6844eab3b3e9f5cb4615e738904bd8214eb62a2c93e7...
MAL-2025-190976 Malicious code in mon-package-react-typescript (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22b741df148115219cefc4a7110caf4494a1b84698a1ffa9609550097e8f4894 The package mon-package-react-typescript was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...