234544 matches found
Malicious code in nepsnowplow (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7e26395712f5003186b16919b17058dbc8d140aae9ab0dc20d5add9624cc35c6 The OpenSSF Package Analysis project identified 'nepsnowplow' @ 9999.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2026-5110 Malicious code in jingmeideshishi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe45a0c6c68a7c9bff9135ecd725baea4558380b10e02e2ed1670f20146d6633 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @osamdefeirrighs/testhackfrrferrr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc1c3467aded71e3ee2e4dbb16bac4d9257a03410188ea98624a09a4263825c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview @osamdefeirrighs/testhackfrrferrr is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
Malicious code in @ewfewfewf/testhackerrr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47e70cb260a34952bd8dabf1cbb510efbc9072e3d809a03deec32a70745e4d3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview audit-logsss is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview cms-github is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
MAL-2026-5108 Malicious code in cms-helpgit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb11c1d166cf4cf2726b7b89e77a41224b1abe19c6666ea0f06bdc06ebf967c5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview cms-helpgit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious code in cms-helpgit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb11c1d166cf4cf2726b7b89e77a41224b1abe19c6666ea0f06bdc06ebf967c5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview chainix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
MAL-2026-5105 Malicious code in @tmecontinue/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91dc0ad891441e786e37b86bbf8e4f881519bcfd68db3525c1a38f2064dbbbfe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5163 Malicious code in @emcd-vue/auth (npm)
Part of a coordinated multi-package supply-chain attack impersonating EMCD emcd.io, a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to pose as an internal Vue.js front-end tooling package from "EMCD Platform Engineering." The package...
MAL-2026-5112 Malicious code in @redhat-cloud-services/eslint-config-redhat-cloud-services (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-5129 Malicious code in @redhat-cloud-services/hcc-feo-mcp (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in @redhat-cloud-services/types (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in @redhat-cloud-services/frontend-components-config (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...