136620 matches found
Malicious code in plain-crypto-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f18d90df82216aedaaeca02607816457cfe0df4bc89bf292a4d7f3549e912d8c The package plain-crypto-js was found to contain malicious code. Source: ghsa-malware 4dfdc3dd18fb6fe824f34c663d26a2f7225e65a4b858a6f3ed6620a7a725c86...
PT-2026-31957
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.24 Description OpenClaw versions before 2026.3.24 contain an arbitrary code execution vulnerability during local plugin and hook installation. Attackers can exploit this by crafting a malicious .npmrc file wit...
MAL-2026-2296 Malicious code in bos-decoration-elements (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cb5985779c5099333bec5b084b209c36dea0dd9fa47ef2c2d7c3630c33daaa5 The package bos-decoration-elements was found to contain malicious code. Source: ossf-package-analysis...
@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +11 more potentially affected by CVE-2026-35629 via openclaw (>=0.0.1 <=2026.3.24)
openclaw NPM version =0.0.1, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =3.3.2, =3.3.7 Source cves: CVE-2026-35629 Source advisory: OSV:GHSA-RHFG-J8JQ-7V2H...
Malicious code in f0-state-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 989b5f62777b6b7fbd236eb28a54b0e42ba48548dc0a49919c5f311c1f1c7072 The package f0-state-manager was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2287 Malicious code in f0-state-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 989b5f62777b6b7fbd236eb28a54b0e42ba48548dc0a49919c5f311c1f1c7072 The package f0-state-manager was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in npmamzs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25a8c88c6c60c588983806906169ffad0a2a863d45482ac8e2740f320f7cb2ea The package npmamzs was found to contain malicious code. Source: ossf-package-analysis d494475ee013b73bb0df9b1f0533b2f169fb6feff4b7c3c282c3629588be4e...
Malicious Package
Overview secure-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
MAL-2026-2236 Malicious code in onboarding-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44d4a1844921cebc245e39614ba7b999c3890d048ad81429d89d9daf45038ecd The package onboarding-server was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2234 Malicious code in security-install-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae1479aa9ec70d315ba69eec145d02655fe633a7f253ba7b0b3d082895b1ca35 The package security-install-analytics was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in security-install-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae1479aa9ec70d315ba69eec145d02655fe633a7f253ba7b0b3d082895b1ca35 The package security-install-analytics was found to contain malicious code. Source: ossf-package-analysis...
Malicious Package
Overview @zecho/baileys-mod is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in jito-validator-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5744d7d3aef03ec852963ebeca1a6357db3aa7bc925bae6e85f173692fc12eb0 The package jito-validator-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2222 Malicious code in chain-coremesh (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53c78d25a9b5c960f74dda3653e6f237df054e60b0234511fa4e9fe3d650a00f The package chain-coremesh was found to contain malicious code. Source: ghsa-malware 7c22f3e9c994c2b163ca8dc9cfdd501768a8ed0163ccc7c9fde8160ace616303...
Malicious code in @emilgroup/discount-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98b66c2b21da822102c367293fd9acc95e864afb9bb8ddebcb3ac0d49ccf583e The package @emilgroup/discount-sdk-node was found to contain malicious code. Source: google-open-source-security...
MAL-2026-2208 Malicious code in @emilgroup/setting-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 679e8996c56ffd334a5fd610afb087430e91e54ef7371e70ba8ce6170b3b9cf9 The package @emilgroup/setting-sdk was found to contain malicious code. Source: google-open-source-security...
Malicious code in @emilgroup/setting-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 679e8996c56ffd334a5fd610afb087430e91e54ef7371e70ba8ce6170b3b9cf9 The package @emilgroup/setting-sdk was found to contain malicious code. Source: google-open-source-security...
Malicious code in @emilgroup/partner-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b0abde6a2a005b2c63f18e87169a3b47ddfe6fb943ad82a005e1d3d3a8e5887 The package @emilgroup/partner-sdk was found to contain malicious code. Source: google-open-source-security...
Malicious Package
Overview cr-static-shared-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @universeorg/dotenv is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...