136754 matches found
Malicious code in nonexistent-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9393b3fc67ac5c169de7089d2f5100b5cb49af4e2b747b46726660bebc2bf66a No a static rule matches and no traced behavioral findings were produced for this package version. Nothing in the analyzed artifacts indicates...
ROOT-APP-NPM-CVE-2026-5079 CVE-2026-5079 in @rootio/multer - Patched by Root
Root has patched CVE-2026-5079 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-35213 CVE-2026-35213 in @rootio/hapi__content - Patched by Root
Root has patched CVE-2026-35213 in the @rootio/hapicontent package for Root:npm. Multiple fixed versions available...
Malicious code in chai-spycore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbb99516f251bbd13baae5273239a6a04acefea76ddf1a7b06f4b5a328339dae Package republishes the chai-spies Chai plugin source verbatim including original author header under the near-identical name chai-spycore...
Malicious code in windrule-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12204dba8f73baf0bb7f6ce1ebd80bb2ce689752abaea290e1429aed4037bb9c No suspicious behaviors were observed in this package version. There are no lifecycle scripts fetching or executing remote code, no hardcoded...
MAL-2026-6850 Malicious code in logger-beauty (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29f894c613d7ea8f407e4515aca877e6f13b5bb8e72530ce8032a534336b5a25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ROOT-APP-NPM-CVE-2026-42043 CVE-2026-42043 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42043 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44496 CVE-2026-44496 in @rootio/axios - Patched by Root
Root has patched CVE-2026-44496 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-GHSA-VVJJ-XCJG-GR5G GHSA-vvjj-xcjg-gr5g in @rootio/nodemailer - Patched by Root
Root has patched GHSA-vvjj-xcjg-gr5g in the @rootio/nodemailer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-6734 CVE-2026-6734 in @rootio/undici - Patched by Root
Root has patched CVE-2026-6734 in the @rootio/undici package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-42039 CVE-2026-42039 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42039 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
Malicious code in gen-ai-opt-in (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3653831a01d3068b12688a9f6ae11926a1b1edde27f8f37a6c48f3f0dba99231 On npm install, postinstall.js executes automatically and collects installer host identifiers os.hostname, os.userInfo.username plus public IP/geo da...
MAL-2026-6761 Malicious code in gen-ai-opt-in (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 371ed0f5f59f881d5fa2a296e7e3d44833f1ae46129da09714cab2edadcf440a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6792 Malicious code in wsh4-nmp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae8d49fb38a00054e408984deccb85f6486ffa7aa61c31ad01402413143168d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in debugcli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff9ad8188112d91f0ea673971f4421ca96dc7943ba12d65c7339c1aa75c2226e The package name debugcli shadows the popular debug package, and index.js is a thin re-export module.exports = require'debug' so callers observe...
MAL-2026-6790 Malicious code in debugcli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b27bc49b2d8ef30848d427f7d6ec702eaed3b5bcc49f5fd4384183f228e2c50a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ROOT-APP-NPM-CVE-2026-45740 CVE-2026-45740 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-45740 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-42037 CVE-2026-42037 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42037 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
Malicious code in @marketfront/designsystemdevtool (npm)
The @marketfront/designsystemdevtool package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and...
MAL-2026-6777 Malicious code in @marketfront/errorcounter (npm)
The @marketfront/errorcounter package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...