36 matches found
Malicious code in @zaamx/netme (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ff8cae34ceeb5f691ca4c4f92fbe10d0bc4e6b9eddf081e7c99ab1ee6193c98 This Medusa plugin hardcodes outbound POST requests to https://n8n.lidxi.com/webhook/ in multiple subscribers and admin routes, with no configuration...
EUVD-2025-199495
Malicious code in @kvytech/medusa-plugin-promotion npm...
MAL-2025-191128 Malicious code in medusa-plugin-logs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7af11d8b0e347690c78b45c790ef5d54f7cadf6d5d2fa89a86ef6c1765ab136f The package medusa-plugin-logs was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199217
Malicious code in medusa-plugin-logs npm...
Malicious code in medusa-plugin-logs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7af11d8b0e347690c78b45c790ef5d54f7cadf6d5d2fa89a86ef6c1765ab136f The package medusa-plugin-logs was found to contain malicious code. Source: ghsa-malware...
medusa-plugin-momo (>=0.0.48 <=0.0.67), medusa-plugin-zalopay (>=0.0.28 <=0.0.39) potentially affected by unknown CVE via medusa-plugin-logs (>=0.0.1 <=0.0.16)
medusa-plugin-logs NPM version =0.0.1, =0.0.48, =0.0.28, =0.0.39 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191128...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2025-198826
Malicious code in medusa-plugin-momo npm...
Malicious code in medusa-plugin-momo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4670d82d1db3b1865426e69d47798cb98aaed8be48cec99e86be3741872aa936 The package medusa-plugin-momo was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190850 Malicious code in medusa-plugin-momo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4670d82d1db3b1865426e69d47798cb98aaed8be48cec99e86be3741872aa936 The package medusa-plugin-momo was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190849 Malicious code in medusa-plugin-announcement (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9b07264455976108e9b10007ffccea47d12a9b8642114b28082c0d80130c851 The package medusa-plugin-announcement was found to contain malicious code. Source: ghsa-malware...
Malicious code in medusa-plugin-announcement (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9b07264455976108e9b10007ffccea47d12a9b8642114b28082c0d80130c851 The package medusa-plugin-announcement was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198827
Malicious code in medusa-plugin-announcement npm...
EUVD-2025-198825
Malicious code in medusa-plugin-zalopay npm...
Malicious code in medusa-plugin-zalopay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3c2a2c7cda991bd113cf7b4cd391451e22bc26d4df3fa7a96669ad4c7d1c219 The package medusa-plugin-zalopay was found to contain malicious code. Source: ghsa-malware...