4790 matches found
June 9, 2026—KB5095051 (OS Build 28000.2269)
None None...
Malicious code in @gleamkit/socket.io (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d6a306142d74b2781d66322adf2bc1b9898bfdb8e1814d2cb511c3e49b75c13 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in sixseven10 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21936e53270838d4901646de1e1c3eef9212055032d3cead428cbf3bfd60b9ed The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...
MAL-2026-10282 Malicious code in acidic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef3583eb4d5b190d763cd784f5a40cb2cddaa8f1b6cd81b8a663bb612b51bb7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in abuden229 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 348ad89821b1ea36a325bc8f2e570b3a74e3a6238381106746bc31146c743fec The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff20 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45385ab2d7ac9fcd5f37a9faa2824beba492422d1783deef1b9b153eda2e25d2 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in nottuff1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5133eecd8c40ac8e4617b364ea9710a03f88e60f8e2d1252a8ee539282da29e1 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in ishowfeet5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06f3dc5dbca240ed6fabdb431e41494dd64100dbf96791921a36642cb53a9403 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
MAL-2026-10295 Malicious code in bismillahitidakimas (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbdeeb9f66b286397502ebf5d67dacf17f4cc4f58917fa9d201d799bb99c3e2c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in sixseven4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1dfd6ff82b27df8c8ecd3520e70b720e0ff6e6f4443e21d1230acebdfd032b6d The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...
Malicious code in backupsitetuff10 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8062677ad6aa536c8e4582df43db6251e78e0cd2a0e4c36348a997bc28b06d5b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in sixseven5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ff6db681456253158f47c4b36f5d7aa03089ec629cd7d0b0246a9ab6c871efa The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...
Malicious code in ratelimitsucks3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a45b50938677bb4c4bcdeee48af3fd57a8204d48d6aff16a1351ae814491391 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in bismillahitidakimas (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbdeeb9f66b286397502ebf5d67dacf17f4cc4f58917fa9d201d799bb99c3e2c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in timmytuffknuckles6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22ef6fa6c2b9f80d6a1f79e532a9d9ea083a1c662bc834d118879ba630842b0c This package is not a Node.js library. package.json declares "main": "sw.js", a Service Worker that calls importScripts'./8cfc2/hgshm.js' — an API th...
MAL-2026-10396 Malicious code in whatsadmaidk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 604f59cbac58a8e35ba82016c72efe0c02226eec9273e96ee9215dd72cbe0392 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in whatsadmaidk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 604f59cbac58a8e35ba82016c72efe0c02226eec9273e96ee9215dd72cbe0392 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in dotnet-runtime-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c10c75766303f8c3bf261487e341e537f103116026309006ab71d977aacdd235 The package's postinstall lifecycle script package.json line 7: "postinstall": "node install.js" runs install.js, which on Windows writes a PowerShel...
EUVD-2026-43093
vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions:...
CVE-2026-11913
vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions:...