MAL-2026-1313 Malicious code in iron-pages (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa0828e4b92294651d9b815203d5e2e7cbe45cce351dfa340bb6a79481a4a0cd The package iron-pages was found to contain malicious code. Source: ghsa-malware ec5456f01c9dadf3a140d1cd4974007405b2fdf1a9f1639c264a194555229ec4 Any...

Malicious Package

Overview @platform-growth/guidance-channel-provider is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

Malicious Package

Overview amt-package-united-icons is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious code in iron-localstorage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b4370af9c8f0db5604f7bc2648c64054140ea6fbcfebd4eef181c7330efaf77 The package iron-localstorage was found to contain malicious code. Source: ghsa-malware...

Malicious code in @mmm-otrade/transaction-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bf4c9f5e8a8d9c59d2880a5aafe18bd8780c33c876d202589f4751d5447ce1c The package @mmm-otrade/transaction-adapter was found to contain malicious code. Source: ghsa-malware...

Malicious code in iron-image (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64bb41903e84d6a7adabb1c7268258090468e2e83e6f31fb679d594e8266f79e The package iron-image was found to contain malicious code. Source: ghsa-malware 11a0db876976d8589a7d975fb9c112f6569a4fc2708fb21c378166c2a1f8d204 Any...

GHSA-QR2G-P6Q7-W82M x402 SDK Security Advisory

Impact A security vulnerability exists in outdated versions of the x402 SDK. This vulnerability does not affect users' private keys, smart contracts, or funds. The issue impacts resource servers accepting payments on Solana when the facilitator is running a vulnerable version of the x402 SDK. Who...

Malicious Package

Overview @justworkshr/alma is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview @rrvis/logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview wt-fe-buz-utilities-url is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

Malicious Package

Overview @bytedanc-ad/mui-wc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview sap-adminemail is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview @saferpay/components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview tautoak4-hello-world is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview robloxbootstrapper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview tautoake4-hello-world is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview bloxbootstrap is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview cx-web-themes is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview sap-auth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview cursor-shadow-workspace is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...