234814 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
NPM: multiparty vulnerable to ReDoS via filename parsing
NPM: multiparty vulnerable to ReDoS via filename parsing vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...
Malicious code in @zentrafinance/contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 867d053632b3bcc143ed8f9f0f75a1dccdc210cede972e8006d698ef796793e5 The package @zentrafinance/contracts was found to contain malicious code. Source: ghsa-malware...
Malicious code in citrea-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9af3ffcf057e7fa952c80b46cbee31773e340ba668377511d7f3ee3b38c1c810 The package citrea-utils was found to contain malicious code. Source: ghsa-malware 0cbde9fcd3b6b009f9d8b0ff2dc739d877beb20223d14d402fcbc90515470eac A...
MAL-2026-3831 Malicious code in citrea-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9af3ffcf057e7fa952c80b46cbee31773e340ba668377511d7f3ee3b38c1c810 The package citrea-utils was found to contain malicious code. Source: ghsa-malware 0cbde9fcd3b6b009f9d8b0ff2dc739d877beb20223d14d402fcbc90515470eac A...
Malicious code in ctf-flare (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23293f1bc28e465f7ffaf916fd8a6cc3958b873a2b338b81c0bf71bb146d1d36 package.json declares a postinstall script that runs node src/install.js after building a local binary. src/install.js is a 175 KB single-line payloa...
MAL-2026-3836 Malicious code in ctf-flare (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23293f1bc28e465f7ffaf916fd8a6cc3958b873a2b338b81c0bf71bb146d1d36 package.json declares a postinstall script that runs node src/install.js after building a local binary. src/install.js is a 175 KB single-line payloa...
MAL-2026-3825 Malicious code in safe-env-reader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad60c5cf4596544e0850900c3340d21c5fec76024a063c057b8b935b02366d4d The package safe-env-reader was found to contain malicious code. Source: ghsa-malware 8fc3e1ef0bee11b2c0e5cb99d3c821492232db6c715fd90cde09c74aa86b926...
MAL-2026-3823 Malicious code in parse-escape-regex-string (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41f2d6da130b64c53517f7be20b6f43e0fde62b07a805a2689d1baa4f8c30c1c The package parse-escape-regex-string was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3810 Malicious code in @pluxee-connect/account-db-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49a36af66b1c55fbf7a78529c1fe2d15b819cef018300a03cdc8e0a1b59f36c9 Version 99.0.0 of this package targets an internal-looking npm scope and ships a postinstall.js that, on every npm install, reads os.hostname,...
Malicious code in citrea-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd20c7509b081678aafda4ba6ba713f0604260082e2a52d79f0fb94a49a2ba52 The package citrea-sdk was found to contain malicious code. Source: ghsa-malware da76b8e09db42c5bea1b9b971c8ea392e906f297b2931f289c3960ffc04a6e3f Any...
MAL-2026-3821 Malicious code in citrea-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd20c7509b081678aafda4ba6ba713f0604260082e2a52d79f0fb94a49a2ba52 The package citrea-sdk was found to contain malicious code. Source: ghsa-malware da76b8e09db42c5bea1b9b971c8ea392e906f297b2931f289c3960ffc04a6e3f Any...
Malicious code in citrea-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23fdd6beb009e7afba647c12314e567a8c1bc2be715524724645820fc6239852 The package citrea-bridge was found to contain malicious code. Source: ghsa-malware abffe603b7967ca2d5e19b9daed6989d966c78d638b7367a926ef2d9fa9e6997...
MAL-2026-3820 Malicious code in citrea-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23fdd6beb009e7afba647c12314e567a8c1bc2be715524724645820fc6239852 The package citrea-bridge was found to contain malicious code. Source: ghsa-malware abffe603b7967ca2d5e19b9daed6989d966c78d638b7367a926ef2d9fa9e6997...
MAL-2026-3809 Malicious code in @tc-core/campus-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c58f691cfdb7301c271067776e2e3bc260d4cbb8880345d03e840729d849b580 The package @tc-core/campus-service was found to contain malicious code. Source: ossf-package-analysis...