200 matches found
Malicious code in @tenforce/toolbox-fontmap (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc43bc0434418226ca77115c791ff0ea0031a0d314e73acfe0a62686528ceaad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tailwindcss-merge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 757933d4ef7a3a1e94cb1316d0f0f24d6f5fcb30dd482e130c0fa348939dad66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5268 Malicious code in ulid-os (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b6ef4088107b64693d6c1dfa04be004ad1e19b3d34737d7b79b96b21701a5e7f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5131 Malicious code in @redhat-cloud-services/sources-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-5059 Malicious code in chai-bundle (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5110f40393583ef41ebcfa3558d782310a40a78227a040480d871c25311b79ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @trp-individual-investor-adv-disc/adv-shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1fc0ed55f4ec8a9ae7dd408c68635f245461c319bf4e7a0ca85adb25c9eb317b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in int-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 369f6932b06597ffc51269a3c2634d158a10270a5c79eb9e4842818e8570c544 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @limebike/supreme-date-pickers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c82e94fac384ea6891e5aea99635ab429663e321502acbbc9eaaf81864e0d5e On npm install, both preinstall and postinstall hooks execute index.js, which collects the installer's hostname, all non-internal network interface I...
MAL-2026-3794 Malicious code in dowload_ebok_also_an_octopus_by_maggie_tokuda_hall_ah2ip (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8458191c9d9b588edbefd52034669969e6511810e2ebe6e187a48e4405673f1 The package dowloadebokalsoanoctopusbymaggietokudahallah2ip was found to contain malicious code. Source: ghsa-malware...
Malicious code in @squawk/mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed4b99ef5ac5fd4f25fdd4844c49a608343d6596def04cfb9df850c40e927dc9 The package @squawk/mcp was found to contain malicious code. Source: ghsa-malware 7d06b20db1195e1e5566e553087c2be971625c4a648e9cbfe5c1e0e836b93aa9 An...
MAL-2026-3013 Malicious code in undicy-http (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d4da47dd47cb80cf3a7a93cd81c2154b7cd905834b35f89f0703a5a8dab5d1e The package undicy-http was found to contain malicious code. Source: ghsa-malware daa1abf913048406268c31888f8b6defc0e69b49ba85dcbdb966fea8a3caf235 An...
Malicious code in node-unpnotifyserv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad3da4c961628a8745400bba3a3521ae4fda195c030215758fe40841c1c8946e The package node-unpnotifyserv was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2645 Malicious code in okassistant (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec259ed5ca779ea9fce921bd547959b69220b3c9d07ed42c550ecfe2adcec217 The package okassistant was found to contain malicious code. Source: ghsa-malware 26810b15d962f827f687002cec240712d5f77f30a5eeef187362661c1dcff114 An...
Malicious code in @hmm-app/api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a791765dda3352bb35bb02103a904c3a2a17217074721eb39a1e9e8e89687795 The package @hmm-app/api was found to contain malicious code. Source: ghsa-malware 7c883cf4762be6f3e07bf37a48472ac4ff6a8bbe781c4f0f40ca18b832c2c48a A...
MAL-2026-2576 Malicious code in @b2b-portal/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a28e67919e3dfef2a8a434caec109791355b6f43d434d22bd9515f348a692c5e The package @b2b-portal/core was found to contain malicious code. Source: ghsa-malware 7a10dd57d5e27c26f36c8207faa6449838827281be33c9ecc99e025cfdea19...
Malicious code in @ev-tech/eva-container-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 000e7dc4c22d822e052329e85f5a615743547eaafc111f35576b780059ca2afb The package @ev-tech/eva-container-api was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2127 Malicious code in agoda-test-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61298c02c98b568b7b2735848ed2087ced94165a58e6602af9769d359b279056 The package agoda-test-poc was found to contain malicious code. Source: ghsa-malware f1dc100458bb8a2a4c1831d2a680b7895085adc4bb5fa5c90701f52b1165eb8d...
Malicious code in @opengov/ppf-backend-types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8323ddb6e5666c3c6e638547538eda9089f97e0e3605f39b2a561d9a436d8fd4 The package @opengov/ppf-backend-types was found to contain malicious code. Source: ghsa-malware...
Malicious code in hiagenttest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ea4b234d38909b534414ea6c060e079ef07575115b5e06919ad1778930e1c02 The package hiagenttest was found to contain malicious code. Source: ghsa-malware 30c4c5863aa45de206d3f6f50505fc89f13e2613c4fb62b80866030d74bc2df1 An...
Malicious code in @sheniraid/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec58e185ed8a16337c255a734dd403cfc5efd957a33d7a0f978e91721a69c8f5 The package @sheniraid/baileys was found to contain malicious code. Source: ghsa-malware...