MAL-2026-6491 Malicious code in hexo-deployer-wrangler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebc95a6a1ae1e522feabf03446f9791372191e27ca9da454717559b6cc6948eb The package ships a binding.gyp file line 6 containing GYP command-expansion syntax !... inside the targets/sources fields. npm implicitly runs...

Malicious code in leo-auth (npm)

The leo-auth npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

Malicious code in leo-connector-mysql (npm)

The leo-connector-mysql npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

Malicious code in leo-config (npm)

The leo-config npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

MAL-2026-6431 Malicious code in leo-streams (npm)

The leo-streams npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

org.webjars.npm:canvas (>=2.5.0 <=2.6.0), org.webjars.npm:color-thief (=2.2.5) +12 more potentially affected by CVE-2026-29786 via org.webjars.npm:tar (>=0.1.20 <=4.4.19)

org.webjars.npm:tar MAVEN version =0.1.20, =2.5.0, =0.97.5, =0.2.0, =3.4.0, =0.6.19, =2.0.0, =3.1.4, =3.4.1 - org.webjars.npm:tar.gz =1.0.7 Source cves: CVE-2026-29786 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15416076...

Prettier eslint-config-prettier Embedded Malicious Code Vulnerability

Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...

Malicious code in napi-postinstall (npm)

This package installs a windows based malware file node-gyp.dll via install.js...

Malicious code in eslint-plugin-prettier (npm)

This package installs a windows based malware file node-gyp.dll via install.js...

Malicious code in eslint-config-prettier (npm)

This package installs a windows based malware file node-gyp.dll via install.js...

Malicious code in synckit (npm)

This package installs a windows based malware file node-gyp.dll via install.js...

GHSA-F29H-PXVX-F335 eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall have embedded malicious code

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...

CVE-2025-54313

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...

CVE-2025-54313

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...

VulnCheck KEV: CVE-2025-54313

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...

CVE-2024-21538 vulnerabilities

Vulnerabilities for packages: airflow, lerna, graalvm, opensearch-dashboards, kibana, tileserver-gl-fips, renovate, pgadmin4, eslint, sqlpad, ts-patch, argo-workflows, node-gyp, vitess, opensearch-dashboards-fips, tileserver-gl...

Malicious code in module-with-node-gyp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad0399f36bb5f87a753f7cfc481eebea229a86f704ea5e7fe4b1c82bb19bf0a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in en-node-gyp-build (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-2300 Malicious code in en-node-gyp-build (npm)

--- -= Per source details. Do not edit below this line.=-...

GHSA-78XJ-CGH5-2H22 vulnerabilities

Vulnerabilities for packages: npm, lerna, renovate, sqlpad, node-gyp...