MAL-2026-3770 Malicious code in prisma-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aab2820bfb9036995418ba2b36887f8970d7deaa69d8bc4aa24e36266bf18d1 [email protected] is a name-confusion package against the genuine prisma ORM. Its package.json declares "preinstall":...

Malicious code in vinext-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5c7279d5c84c989a0deef7944c5d1d22b89651bdc01da8fc5144622a8fc74cb The package vinext-monorepo was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2861 Malicious code in vinext-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5c7279d5c84c989a0deef7944c5d1d22b89651bdc01da8fc5144622a8fc74cb The package vinext-monorepo was found to contain malicious code. Source: ossf-package-analysis...

Exploit for CVE-2026-40175

audit-axios Scan local repos for vulnerable axios versions an...

Roadiz development monorepo 代码问题漏洞

The Roadiz Development Monorepo is an open-source content management system development kit developed by Roadiz. Versions of the Roadiz Development Monorepo prior to 2.7.9, 2.6.28, 2.5.44, and 2.3.42 contained code vulnerabilities. These vulnerabilities allowed authenticated attackers to read...

Effect Monorepo 竞争条件问题漏洞

Effect Monorepo is a functional framework developed by Effect Open Source for building TypeScript applications. Versions of Effect Monorepo prior to 3.20.0 contained a race condition vulnerability, which was caused by context confusion in RpcServer.toWebHandler, potentially allowing access to the...

Malicious code in monorepo-cop (npm)

The package 'monorepo-cop' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

MAL-2026-1523 Malicious code in monorepo-cop (npm)

The package 'monorepo-cop' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

Malicious code in @web-monorepo/fetchers (npm)

Package is malware. It exfiltrates data to a suspicious domain via callback.js, triggered by a preinstall script in package.json. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3faaa666cb666785670b3a638b1f832d4492f7eb2c999f41f7bb551cde2aa86 The package...

Malicious Package

Overview minikit-monorepo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview pie-monorepo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview jaeger-ui-monorepo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2022-31529

The cinemaproject/monorepo repository through 2021-03-03 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

Malicious code in svelte-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 822b182580c298051b9c1f8bb1e807bdb6c780fce64845002feebe37eddd0fad The package svelte-monorepo was found to contain malicious code. Source: ghsa-malware 1f5c5e96c4223fbe3046df01f3cda3aa9b821888050b45d82e92688609a7284...

MAL-2026-151 Malicious code in svelte-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 822b182580c298051b9c1f8bb1e807bdb6c780fce64845002feebe37eddd0fad The package svelte-monorepo was found to contain malicious code. Source: ghsa-malware 1f5c5e96c4223fbe3046df01f3cda3aa9b821888050b45d82e92688609a7284...

Malicious Package

Overview svelte-monorepo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

EUVD-2026-1630

Malicious code in svelte-monorepo npm...

Exploit for CVE-2025-66478

monorepo-nextjs-npm-nested-versions - VULNERABLE CVE-2025-664...

Exploit for CVE-2025-66478

fix-react2shell-next One...

Malicious Package

Overview helm-charts-monorepo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...