234864 matches found
Malicious Package
Overview tether-dev-docs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in tether-dev-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0d07b28a3afe4c020244ad7d5415342f3d62c4436107a5d764307d102b193ef The package tether-dev-docs was found to contain malicious code. Source: ghsa-malware 57a6db50523e4b656bdec519331a0443d43f1f9ae2dd91e5e1a1ee5ab6cc5ed...
Malicious Package
Overview pino-sdk-v2 is a malicious package. This package contains malicious code. An obfuscated payload in lib/tools.js scans .env, .env.local, .env.production, .env.development, and .env.example files for secrets and exfiltrates them to a Discord webhook on require. While this package might...
MAL-2026-1247 Malicious code in @imhuman/corp-build-utils-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6184a6191df94d0d85ce593a41435ea200b954b17ce7a90c83cd1fb6ec5453db The package @imhuman/corp-build-utils-poc was found to contain malicious code. Source: ghsa-malware...
Malicious code in imhuman-fw-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04a81e9c61dcf38b54d4e0ad070050a4817a509858f0f56725074b54c24288a1 The package imhuman-fw-logger was found to contain malicious code. Source: ghsa-malware...
Malicious code in @imhuman/fw-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f21f635d2d8fbbcc0d1422e1b08e8b71b8efd04e68216dc4eb8ffaec0208f967 The package @imhuman/fw-logger was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1249 Malicious code in imhuman-fw-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04a81e9c61dcf38b54d4e0ad070050a4817a509858f0f56725074b54c24288a1 The package imhuman-fw-logger was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1248 Malicious code in @imhuman/fw-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f21f635d2d8fbbcc0d1422e1b08e8b71b8efd04e68216dc4eb8ffaec0208f967 The package @imhuman/fw-logger was found to contain malicious code. Source: ghsa-malware...
Malicious code in pear-apps-utils-date (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65df5bee974b55dfd58d5816e480664604e9d8b3bf6a7c27c22b92aefeaca124 The package pear-apps-utils-date was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview pear-apps-utils-date is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-1253 Malicious code in pear-apps-utils-date (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65df5bee974b55dfd58d5816e480664604e9d8b3bf6a7c27c22b92aefeaca124 The package pear-apps-utils-date was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1254 Malicious code in pear-apps-utils-qr (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8bf18757dd3797d845e6746f010e38421985192e8623264615f68c13b4ec0a1 The package pear-apps-utils-qr was found to contain malicious code. Source: ghsa-malware...
Malicious code in pearpass-lib-data-export (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd09913040448b75ce4023605c2191efccf04f01c8e894d4044e8ee3a04fa67c The package pearpass-lib-data-export was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1255 Malicious code in pearpass-lib-data-export (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd09913040448b75ce4023605c2191efccf04f01c8e894d4044e8ee3a04fa67c The package pearpass-lib-data-export was found to contain malicious code. Source: ghsa-malware...
Malicious code in pear-apps-lib-feedback (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 331d2742dee8271e5d493e475aab23ee3f05adc5e02888d87127d189883cc50c The package pear-apps-lib-feedback was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview nf-referral-backend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-1244 Malicious code in spectral-corsair-navigator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4faab7d9e9e24067cf0a0ef23c529b2622cbb91b654a35430742ec584b827a54 The package spectral-corsair-navigator was found to contain malicious code. Source: ghsa-malware...
tar has Hardlink Path Traversal via Drive-Relative Linkpath
Summary tar npm can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Details The extraction logic in Unpack[STRIPABSOLUTEPATH] chec...
@343dev/optimizt (>=12.0.0 <=12.1.1), @cjy0812/inspect-plus (>=0.0.1772240426360 <=0.0.1774152861718) +38 more potentially affected by CVE-2026-29074 via svgo (=4.0.0)
svgo NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on svgo and may be impacted: - @343dev/optimizt =12.0.0, =0.0.1772240426360, =6.13.0, =0.0.1769658265953, =21.2.6, =1.1.0, =1.1.0, =1.1.0, =1.0.0, =1.0.0, =1.47.0, =0.1.202510281000,...
0agent (>=1.0.1 <=1.1.5), 0dot (=0.6.0) +58303 more potentially affected by CVE-2026-29085 via hono (>=0.5.10 <=4.12.3)
hono NPM version =0.5.10, =1.0.1, =1.0.0, =0.1.0, =0.1.0, =0.1.6, =0.1.0, =1.0.0, =0.3.2, =0.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2026-29085 Source advisory: OSV:GHSA-P6XX-57QC-3WXR...