136553 matches found
ROOT-APP-NPM-CVE-2024-29415 CVE-2024-29415 in @rootio/ip - Patched by Root
Root has patched CVE-2024-29415 in the @rootio/ip package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-25896 CVE-2026-25896 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-25896 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2020-15084 CVE-2020-15084 in @rootio/express-jwt - Patched by Root
Root has patched CVE-2020-15084 in the @rootio/express-jwt package for Root:npm. Multiple fixed versions available...
MAL-2026-5186 Malicious code in autotel-terminal (npm)
Source: ghsa-malware eecd710c08cdc339632aae89ee93e200267cea1c34d6b429ca9202265480842f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ROOT-APP-NPM-CVE-2026-41673 CVE-2026-41673 in @rootio/xmldom__xmldom - Patched by Root
Root has patched CVE-2026-41673 in the @rootio/xmldom__xmldom package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-32236 CVE-2026-32236 in @rootio/backstage__plugin-auth-backend - Patched by Root
Root has patched CVE-2026-32236 in the @rootio/backstage__plugin-auth-backend package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-35213 CVE-2026-35213 in @rootio/hapi__content - Patched by Root
Root has patched CVE-2026-35213 in the @rootio/hapi__content package for Root:npm. Multiple fixed versions available...
MAL-2026-5179 Malicious code in chai-midpatch (npm)
Source: ghsa-malware 4deffa7a98fc055452391610a3ab832bace310cf34ecc058287f45cab02c656c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5175 Malicious code in webpack-json (npm)
Source: ghsa-malware abd3559fc62e362d5e4d5068126317096f7e2e483d97bba9f59e192a9d49a363 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The...
Malicious code in fundraiserserv (npm)
Source: ossf-package-analysis c27dec042a9f69f24c1a2c860af27a2625740dbd7b7fc3d059659fae6f628c25 The OpenSSF Package Analysis project identified 'fundraiserserv' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious Package
Overview chai-parse is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in page-info-service (npm)
Source: ossf-package-analysis d4a2106922e9e3851658667cacaa2c2818cdb56cd0c4df6778c0cb7fbed2338e The OpenSSF Package Analysis project identified 'page-info-service' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...
Malicious Package
Overview whatsadmaidk is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...
Malicious Package
Overview speed1 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...
Malicious Package
Overview ratelimitsucks is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...
Malicious Package
Overview opensearch-config-utility is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...
Malicious Package
Overview nottuff26 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...
Malicious Package
Overview nottuff28 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...
Malicious Package
Overview nottuff22 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...