adaptive-fs (>=1.1.0 <=1.3.2), ajato (=0.0.1-wip) +1 more potentially affected by unknown CVE via mogoose (=0.0.1-security)

mogoose NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on mogoose and may be impacted: - adaptive-fs =1.1.0, =1.0.48, =1.1.26 Source cves: unknown CVE Source advisory: OSV:MAL-2025-26613...

Malicious code in mogoose (npm)

The package mogoose was found to contain malicious code...

MAL-2025-26613 Malicious code in mogoose (npm)

The package mogoose was found to contain malicious code...

adaptive-fs (>=1.1.0 <=1.3.2), ajato (=0.0.1-wip) +1 more potentially affected by unknown CVE via mogoose (=0.0.1-security)

mogoose NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on mogoose and may be impacted: - adaptive-fs =1.1.0, =1.0.48, =1.1.26 Source cves: unknown CVE Source advisory: OSV:GHSA-5MM9-55C9-P5R7...

Malicious Package

mogoose is a malicious package. When the package is installed or required, the package attempts to send hostname information to the attacker's server, affecting confidentiality of the victim's server which can potentially bridges to other attack vectors like remote code execution...