234871 matches found
MAL-2026-559 Malicious code in syntax-async-functions (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0d14dae07d53bcd3b3da9693bf5facb7518fafafe8cc2c54d93cd59ec7a28f1 The package syntax-async-functions was found to contain malicious code. Source: ghsa-malware...
Malicious code in express-lists-routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c51e8807ad317a804d1d70eac194db27d648b87308eaebf5e7752864c1c03e5 The package express-lists-routes was found to contain malicious code. Source: ghsa-malware...
MAL-2026-551 Malicious code in express-lists-routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c51e8807ad317a804d1d70eac194db27d648b87308eaebf5e7752864c1c03e5 The package express-lists-routes was found to contain malicious code. Source: ghsa-malware...
MAL-2026-550 Malicious code in cdnhost (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dacea96d573c773c7dab188922e5a1bd655ff37114ebcee7c23d1415bc4dc4ef The package cdnhost was found to contain malicious code. Source: ghsa-malware e0181f4fe287a7879047e64112250e5009c28564cf6017ad1d2f966e706da109 Any...
CVE-2025-57283
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...
EUVD-2025-206491
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...
EUVD-2026-4859
In Bun before 1.3.5, the default trusted dependencies list aka trust allow list can be spoofed by a non-npm package in the case of a matching name for file, link, git, or github...
CVE-2026-24910
CVE-2026-24910 affects Bun prior to 1.3.5. The issue: the default trusted dependencies list (trust allow list) can be spoofed by a non-npm package when a name matches an existing trusted dependency, across file, link, git, or GitHub sources. Reported impacts include potential manipulation of the ...
Malicious code in @santandergroup-uk/edgehome-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e512dc1f3fcaa6ef57a8b842e2f6afe53092e6b4dc6efa83f398b40c59e53a6b The package @santandergroup-uk/edgehome-components was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @spx-delivery/react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-534 Malicious code in internallib_v828 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff1fe83e3d9c31b100d3117b436d62cb5bbed907b6393fd0ae603bd365e73889 The package internallibv828 was found to contain malicious code. Source: ghsa-malware d15fc740eb3e49fec4406761a411f74ba5e572f8ead9811783ba32b4417d0db...
Malicious Package
Overview kwp-shared-components-production-system is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...
MAL-2026-542 Malicious code in stylus.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da337331b168fe53efb22dcc1d3a935e35010e59a40d5d222ee18aa89fe82e42 The package stylus.js was found to contain malicious code. Source: ghsa-malware 228752dfb0c639ecaabfe0fc0189046c016a56e66ffae8ebb59eaeb675d9d935 Any...
MAL-2026-535 Malicious code in knex.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04fcb32607ead73fe3f1c4443e807ae1deec8bda92999d19da73075af9d61805 The package knex.js was found to contain malicious code. Source: ghsa-malware a1c9b559496940535edc51721d08a3fccda2739e33e34028d59d97b305452aba Any...
MAL-2026-530 Malicious code in grepleaks (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbb12eb31b13d48c3bceaf932a48991331324e560fdf0dba37561862844fa2e8 The package grepleaks was found to contain malicious code. Source: ghsa-malware 3017ce71ea8163be051e049bafc4e07b09bcc4cf3b05675c0e5c300c105705ce Any...
Malicious code in hackerxhj (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d71044a886ff501da7e6d3e47cad40b8472b1f02b72f7dc807879b2d780f037 The package hackerxhj was found to contain malicious code. Source: ghsa-malware fd149c69b837b189dff0b260bd9ca7f30c03cb192bea4f83daf0465322a1ec13 Any...
Malicious code in testxhjhka (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffa2b3af066bd5f02846fff50e2189f8c3a55cb62f71dd6835f4a999cd7dab42 The package testxhjhka was found to contain malicious code. Source: ghsa-malware 0552fa210ad2b24b0f9caf718edc7aed87d7cd7c610f380cf5348bd31b2fad70 Any...
MAL-2026-545 Malicious code in testxhjhka (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffa2b3af066bd5f02846fff50e2189f8c3a55cb62f71dd6835f4a999cd7dab42 The package testxhjhka was found to contain malicious code. Source: ghsa-malware 0552fa210ad2b24b0f9caf718edc7aed87d7cd7c610f380cf5348bd31b2fad70 Any...
MAL-2026-531 Malicious code in hackerxhj (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d71044a886ff501da7e6d3e47cad40b8472b1f02b72f7dc807879b2d780f037 The package hackerxhj was found to contain malicious code. Source: ghsa-malware fd149c69b837b189dff0b260bd9ca7f30c03cb192bea4f83daf0465322a1ec13 Any...
Malicious Package
Overview hiagentxhjrce is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...