64 matches found
Malicious code in nativescript-swisspost-imagepicker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2271ce1525f722f302ee59b9de3270020e6d1aa84d74cc2972cb6ffa34d9a62 package.json declares preinstall: node index.js. On npm install, index.js reads process.env.INITCWD the installing project's working directory, takes...
MAL-2026-5792 Malicious code in nativescript-swisspost-imagepicker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2271ce1525f722f302ee59b9de3270020e6d1aa84d74cc2972cb6ffa34d9a62 package.json declares preinstall: node index.js. On npm install, index.js reads process.env.INITCWD the installing project's working directory, takes...
MAL-2026-5793 Malicious code in nativescript-swisspost-pcc-creative-editor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9c9ef8861d14485e696e98c66d95ee5c2a5a608b213841c9c18b254003ae049 Package masquerades as an internal Swiss Post NativeScript package name nativescript-swisspost-pcc-creative-editor, description literally Security Po...
@adobe-apimesh/mesh-builder (=1.4.0-beta.5), @akylas/nativescript-cli (>=8.7.2 <=8.8.2) +317 more potentially affected by CVE-2026-27904 via minimatch (>=7.0.0 <=7.4.6)
minimatch NPM version =7.0.0, =8.7.2, =5.5.0-682, =0.0.6, =3.6.0, =2.6.0, =2.5.0, =3.6.0, =4.6.0, =1.11.0, =4.0.0, =2.0.7, =2.0.4, =1.2.1, =1.3.1 - @digit-ui/digit-ui-module-common =1.3.0 and more Source cves: CVE-2026-27904 Source advisory: OSV:GHSA-23C5-XMQV-RM74...
Malicious code in @nativescript-community/ui-document-picker (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 46d11dbb6f2ddb5b46be5e63a827af98e3f887baac9c3df11be485d8326089b2 This package was compromised by the Shai-Hulud NPM worm. The malicious payload steal...
Malicious code in @nativescript-community/ui-label (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a815032f1d690295898b5c01bd4d17cb73044eebda75187b2877e8299ded777a This package was compromised by the Shai-Hulud NPM worm. The malicious payload steal...
Malicious code in @nativescript-community/ui-material-bottomsheet (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 648e72c71fe8677b6476210b34e01790ad107148f5b133254b3f9752b837fc32 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47156 Malicious code in @nativescript-community/ui-material-bottomsheet (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 648e72c71fe8677b6476210b34e01790ad107148f5b133254b3f9752b837fc32 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @nativescript-community/ui-collectionview (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 337737895f40e9bb6a3ceade1add7134f43ef138029b408eb08597176f412b34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47153 Malicious code in @nativescript-community/ui-collectionview (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 337737895f40e9bb6a3ceade1add7134f43ef138029b408eb08597176f412b34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @nativescript-community/sentry (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac70fd6ee04f2650c317de593d4341b084f7a1564e4bf36fed85c72971ce9878 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47155 Malicious code in @nativescript-community/ui-image (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e0f3449039a2352fc57480496becd92f22e7c723fa82f23ea58051945133a68 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @nativescript-community/ui-drawer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 654a91a470f375a9cb4e947721e019c839d4da439a16ad0308c6d183ada0bb55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47154 Malicious code in @nativescript-community/ui-drawer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 654a91a470f375a9cb4e947721e019c839d4da439a16ad0308c6d183ada0bb55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @nativescript-community/ui-material-core-tabs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e43f7ab3687acb4775d0c018af848b2f959bafdfaa3556f42b4c67778254450 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47158 Malicious code in @nativescript-community/ui-material-core-tabs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e43f7ab3687acb4775d0c018af848b2f959bafdfaa3556f42b4c67778254450 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @nativescript-community/ui-pulltorefresh (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 650cf81e4420b496c9854a80da4f8ba77516648b74a4b352e7099c04ecc4f026 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47161 Malicious code in @nativescript-community/ui-pulltorefresh (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 650cf81e4420b496c9854a80da4f8ba77516648b74a4b352e7099c04ecc4f026 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @nativescript-community/ui-pager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware afb9d30cb2322dc8acbeb63463faf85b0a58a8d761ce7bab042f690f894830f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47160 Malicious code in @nativescript-community/ui-pager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware afb9d30cb2322dc8acbeb63463faf85b0a58a8d761ce7bab042f690f894830f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...