@anngdinh/remote-mcp-server-authless (=0.0.0), @aredes.me/mcp-camara (=1.0.6) +140 more potentially affected by CVE-2026-1721 via agents (>=0.0.100 <=0.2.35)

agents NPM version =0.0.100, =0.4.0, =1.1.1, =0.1.0, =0.2.0, =0.1.0, =0.0.1, =1.0.2, =1.0.1, =1.0.27 - @famma/mcp-auth =0.0.4 and more Source cves: CVE-2026-1721 Source advisory: OSV:GHSA-CVHV-6XM6-C3V4...

Malicious code in envoy1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f06e472b4bdab1dd15a395732da65c1814588afb9acec484f386061ec9c16b3c The package envoy1 was found to contain malicious code. Source: ghsa-malware 877dda74ff1a6579d4bd819a2f752baae0c5f7972ae585756a93dceb01dd57af Any...

Malicious Package

Overview express-gueues is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in osopackage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81f944909c442d3ce5de69ca15e63f1dc9aac8408cd2d3875794fde6ac0c4efd The package osopackage was found to contain malicious code. Source: ghsa-malware ea6582943b363713bda63ec879242935fe1a5f5efa7be40fbb87173570f642a0 Any...

MAL-2026-857 Malicious code in osopackage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81f944909c442d3ce5de69ca15e63f1dc9aac8408cd2d3875794fde6ac0c4efd The package osopackage was found to contain malicious code. Source: ghsa-malware ea6582943b363713bda63ec879242935fe1a5f5efa7be40fbb87173570f642a0 Any...

Malicious Package

Overview @ux-foundry/palette is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in express-configer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e492b9087ab21198777e586b9d21eade1fe2948bb67f1ab484c7274056861276 The package express-configer was found to contain malicious code. Source: ghsa-malware 8484436a0b43b94054c0fa7ceb955362a6557d9bef3019e2fae2e51e42ff1f...

Malicious code in aligners (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d584eeb0828c4c86b7ae383fff091f8bb711aff14a9d8a507bfdd0ada40ecb5 The package aligners was found to contain malicious code. Source: ghsa-malware fa92eba5bbd1fb9325eefaa7c363cd2827b4b4e381776d06090a0cbb001d96af Any...

Malicious code in sap-code-style-guides (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13203a88392c91986f587e28ca25120b54f0c4d4ee5dd2c330c2bbbe6243203a The package sap-code-style-guides was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview chai-as-approved is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview @skyeng/libs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-806 Malicious code in web3-chain-sinon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d656a8031870a05e2b7fa8dec1f3f9b9b48c3d8de3d93df42c787c139b0693a5 The package web3-chain-sinon was found to contain malicious code. Source: ghsa-malware f522ddb6d36708e509e4e4074bed2658a3a1e4101d4a45bb588e08c611cc33...

MAL-2026-807 Malicious code in web3-sinon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6990443632c3224a5e897d1747fcd76f782eda8d020447076d59cf305b03c82 The package web3-sinon was found to contain malicious code. Source: ghsa-malware 7d195e4b1eda9212f69e313de4107deae82670a9615ec25b86c8aaaf3df0e1f9 Any...

Malicious Package

Overview @rsgweb/rockstar-account is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview @rsgweb/utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in @rsgweb/modules-core-feedback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45c68d1fafad6a94ebe843e20901dd8e5251d0b27b963d07e71ecefbd16c7465 The package @rsgweb/modules-core-feedback was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview @meli-lint/eslint-config-base is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index PyPI repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the tw...

MAL-2026-784 Malicious code in monkey-tags (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d92f2c8690bbb505437734e0b5ffe74a1c8a9411dde8716bd9440600db0a0f1d The package monkey-tags was found to contain malicious code. Source: ghsa-malware 18cc7d0ec7d65006d2618f716b268a58021234dc7bcad189f062848160afd16f An...

MAL-2026-785 Malicious code in ppe-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1914d3cfcb631f551660417c0441d7e6eb3929ee6c4cadd6088e551462ead553 The package ppe-test was found to contain malicious code...