234602 matches found
Malicious code in @the-coca-cola-company/receipt-scanner-admin-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 046b5475599d30f293f2eeb7ab9fce35c44cd678ab2cecde2c96e588a170d822 The package @the-coca-cola-company/receipt-scanner-admin-lib was found to contain malicious code...
Malicious code in @tax-taxdev/tools-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37c3192cab77322b1ecf1742c4eda9aa9e5a6b495e3bf386284a15cf36365dcc The package @tax-taxdev/tools-scripts was found to contain malicious code...
MAL-2026-2717 Malicious code in @tax-taxdev/tools-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37c3192cab77322b1ecf1742c4eda9aa9e5a6b495e3bf386284a15cf36365dcc The package @tax-taxdev/tools-scripts was found to contain malicious code...
Malicious code in @mesh-atoms/typography (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec6ac39821bf7c99a476b848fcfccf47089487d33dc8eeb893b9f87e6dc7f847 The package @mesh-atoms/typography was found to contain malicious code...
MAL-2026-2715 Malicious code in @mesh-atoms/typography (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec6ac39821bf7c99a476b848fcfccf47089487d33dc8eeb893b9f87e6dc7f847 The package @mesh-atoms/typography was found to contain malicious code...
MAL-2026-2714 Malicious code in @gameforge/http-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5c80f200c1cbaa194dfc83e5a8c911c182ff110b7451512013646d9414429b4 The package @gameforge/http-server was found to contain malicious code...
MAL-2026-2713 Malicious code in @fuego-tools/analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8b13e975286ea5f50f12e176e5b9399e209b890fc03e8d5f890f02d83a52489 The package @fuego-tools/analytics was found to contain malicious code...
Malicious code in @evoja-web/redaction (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6b4a72b65f3b4cc6345a711aad3f9282d9ec77958341be6861f2b355ff3f976 The package @evoja-web/redaction was found to contain malicious code...
MAL-2026-2712 Malicious code in @evoja-web/redaction (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6b4a72b65f3b4cc6345a711aad3f9282d9ec77958341be6861f2b355ff3f976 The package @evoja-web/redaction was found to contain malicious code...
Malicious code in @evoja-web/react-login (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5a150d97bdfc04cfc9e3ce56a7d6238d57f578628802fa568ea6404b5463070 The package @evoja-web/react-login was found to contain malicious code...
Malicious code in @appleseed-apple/ac-sass-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c09c442c9bf5d1d38099a4ea05b85daf5b071a2d9e6e87dc72d030ecd4ca5404 The package @appleseed-apple/ac-sass-kit was found to contain malicious code...
Malicious code in @3stripes/toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4529c8ef3e0953799338bc7e0cc7d6ce4f1d8797b3e0984d362ebd26df6bec1c The package @3stripes/toolkit was found to contain malicious code...
Malicious code in @3stripes/shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ca39203b484afe25fca27596d3c3c81a0a6765ad88d3b129871375127bdb5ea The package @3stripes/shared was found to contain malicious code...
MAL-2026-2703 Malicious code in @3stripes/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31ba4725ff03b9b0a4645734fca9af46fbd145e147f7fb7ee0942853c425f53f The package @3stripes/components was found to contain malicious code...
1router (>=0.3.96 <=1.0.2), 9router-custom (=0.3.55) +2007 more potentially affected by CVE-2026-41240 via dompurify (>=3.0.0 <=3.3.3)
dompurify NPM version =3.0.0, =0.3.96, =0.3.33, =0.5.0, =1.5.1, =0.18.0-beta.0, =0.0.1, =0.1.0-alpha.1, =0.1.0, =0.1.0, =0.0.0-dev-20240828032938, =0.2.8-experimental.0, =1.2.0, =1.0.0, =4.4.0-rc1, =4.10.8-rc26 and more Source cves: CVE-2026-41240 Source advisory: SNYK:JS-DOMPURIFY-16078387...
Malicious code in terminal-formatter (npm)
terminal-formatter is a malicious npm package that when installed postinstall-hook or imported sends local env variables, files and bash history to https://ghostraper.top and registers a new ssh key in .ssh/authorizedkeys. --- -= Per source details. Do not edit below this line.=- Source:...
Malicious code in trgrip (npm)
trgrip is a malicious npm package that when imported downloads a C2 dropper from https://44.206.172.239:7443/direct/download/97900a0e-c691-483a-a988-97b76f205c0f and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Malicious code in tailwind-typography-cssstyle (npm)
tailwind-typography-cssstyle is a malicious npm package that when imported downloads a C2 dropper part of PolinRider campaign from crypto transactions and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Malicious code in simple-auth-basic (npm)
simple-auth-basic is a malicious npm package that when imported downloads a C2 dropper from https://coingecko-liard.vercel.app and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8802844b712eedf88f3862f4e836efd3a767ee4944f6ec3b8c3fbe849fd741b The...
MAL-2026-2906 Malicious code in swplayer-react-sl (npm)
swplayer-react-sl is a malicious npm package that when imported downloads a C2 dropper from https://coingecko-liard.vercel.app and executes it. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb25be00997a0e21d0d5337b89729fe6c3a99c9364f8a46d4b2e2a828e845f54 The...