136739 matches found
Malicious code in @uipath/insights-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e4a14d8ee3cc65fe720a880c72000a911cbc45433f4113501a7246c018798380 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/integrationservice-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4edd2a2ae1287141aa4d05d85a3bc8510964321fd4e054af3a5f763d6ad30b9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3591 Malicious code in wot-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd781e61a7ca728623c44a900ca22a8cc58de2b93bcd797aeebe453ee6fa4f80 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3525 Malicious code in @uipath/agent-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 67d0350668580724b1a764da5a9904350fcf8127bed8144c82a4cf966517b1ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tolka/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 690527fdde65817c5fb47eeae87927130e678a6255b461b2ebfa6c0881be570f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3519 Malicious code in @tallyui/theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 34578fa5c77db2b21dd15d3357fc2b7c4d36a2ce4d1d44f86daa5c04561d662c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3512 Malicious code in @mistralai/mistralai-gcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3dcfd7fec176cc54232767b454429a7b3e0106aebbb16f2e9bdacc57e8a20ff9 The package @mistralai/mistralai-gcp was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3457 Malicious code in @supersurkhet/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3219a7aa4b5f19cda44ae4217d0cf1d596988bd05ea1645b489ec579c50bcf17 The package @supersurkhet/cli was found to contain malicious code. Source: ghsa-malware...
Malicious code in git-branch-selector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dab170d586455af0816362e715de0907ddaa19adb87c68ef59255139322dde69 The package git-branch-selector was found to contain malicious code. Source: ghsa-malware...
Malicious code in @squawk/icao-registry (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cdcc18fc8342a0ce7e7b2f3751bcb7d6e64c3fe660a9c5836f6d06aac4a4b45 The package @squawk/icao-registry was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3485 Malicious code in @tanstack/solid-start-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4905d7bb1a4d6f69ec73fe4cc8fa958262fcab1397fed5725ac39db447f6239a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3455 Malicious code in @squawk/units (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39aaec9f38434cc7c5012cfde1e1156723d161341b897788e743f6360f369e71 The package @squawk/units was found to contain malicious code. Source: ghsa-malware 464a63d0dfe63cb91f03d50ef10143eae2c9d581998ff6025ba48e18c8d89ed5...
Malicious code in @squawk/airport-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a12035131eafd29a07572751653f857706ac1b113fcbd498a70f54d96d5276cc The package @squawk/airport-data was found to contain malicious code. Source: ghsa-malware...
Malicious code in @squawk/icao-registry-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b2e3d9fe7e5b2e36db3f5a5e5b4453685fe4a2993dd0116c25f290e05cce269 The package @squawk/icao-registry-data was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3456 Malicious code in @squawk/weather (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72341a088009d96497c994e0a076b60b00bf65b365831ef16abe360f5c6cf874 The package @squawk/weather was found to contain malicious code. Source: ghsa-malware 71445d30bdef8256424a60e0abf2f5e2ce43b8c7dffa1476bd2ee7001013720...
MAL-2026-3488 Malicious code in @tanstack/start-fn-stubs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e25d3624c39cfe3dae76a5630525e72d3f0fe2f8eb1bbb44a0ff17c3a39d4fe2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/react-start-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8358ce998650baf1a9cb6bb602109da81268c43855ad0b16f892687cc89f104d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/react-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b329cb477cc0d977f9e8e6df59072ea002d6d041b99531596fbd87b8ff80aefd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...