234641 matches found
MAL-2026-2600 Malicious code in cms-site-api-js-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7c005e0d9ed50229f543036c5c8bd9dd61a1ad0b5373efab2aa9fdba45084f9 The package cms-site-api-js-client was found to contain malicious code. Source: ghsa-malware...
Malicious code in dwaiter-company-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 602a450ab8f9d48b5e7ca03f6e4cf89803a6f1a0e6e35d453c92e59143096577 The package dwaiter-company-web was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2606 Malicious code in mdb-react-sortable (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 221ae0ca7ee784d6ab2d9bb463b65dc3d998114b51b3dd7a4f3585ef2b1ed11a The package mdb-react-sortable was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2605 Malicious code in kaltura-ngx-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33934fb6026f53c4e012992591edb1038036a17c485afca8e8fb3e40083a44ce The package kaltura-ngx-client was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview symphony-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in @b2b-portal/kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa5c1b32159c7e6dc9c07e663c7f8cf3b3ee24450a33289a1a79589c69906eed The package @b2b-portal/kit was found to contain malicious code. Source: ghsa-malware 20de22d7080860e2c01f3de58d2809af28e543302e49545749666efd4956c23...
Malicious Package
Overview @b2b-portal/kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in markdownlint-rule-link-pattern (npm)
Malicious package due to data exfiltration via preinstall, test and preupdate scripts using wget to send user, path, and hostname to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c5ffad19a9d8a62d1ee2a266767e609ffeba74597b50248d751b28cdffae844...
Malicious code in bitu-staking (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adb12160da2b84d2f9c21c6d5f3a2d803e574fcf593e9d84da3b5e8cbbdef96e The package bitu-staking was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in pt-sc-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 925a5c001d049ecefbe72bc5ba4090904c882bf13b6f97493387fe3ed04a661f The package pt-sc-logger was found to contain malicious code. Source: ghsa-malware deaf63bd8a081fcc49f46fdb9b4300abef500b33eba7034bbd8de142a60db3cd A...
MAL-2026-2613 Malicious code in upstart-offer-container (npm)
Package collects sensitive data SSH keys, AWS creds, env vars, exfiltrates it to a remote server, and executes shell commands. MALWARE! --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 148e48dd7b06a250063027a17895962000ca784a3fe52b704bea049afc85763a The package...
MAL-2026-2620 Malicious code in upstartportal (npm)
Collects system info, reads sensitive files, and exfiltrates data to a suspicious host. Multiple YARA matches confirm malicious intent. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 932dee0dcf84fc1044efb1ec35950d6102fcbb5122f26cca5e2b1f13eb599729 The package...
Malicious code in upstartportal (npm)
Collects system info, reads sensitive files, and exfiltrates data to a suspicious host. Multiple YARA matches confirm malicious intent. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 932dee0dcf84fc1044efb1ec35950d6102fcbb5122f26cca5e2b1f13eb599729 The package...
Malicious code in upstartadmindashboard- (npm)
The package is a malware. It exfiltrates system info to a hardcoded domain, collects sensitive data, and executes suspicious commands. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0760e39fa3fc4d272de9fb78decddc3a25ae673efe12e9bff4e8d9f28ee5c55 The package...
MAL-2026-2619 Malicious code in upstartloans (npm)
Collects and exfiltrates sensitive data credentials, keys, history to p1s.uk with disabled SSL validation. Suspicious postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a1d5c610e0cc5ec6be53b8d0d986d5ddef30937d04c977998db4c2d4b0be908 The package...
Malicious code in upstartloans (npm)
Collects and exfiltrates sensitive data credentials, keys, history to p1s.uk with disabled SSL validation. Suspicious postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a1d5c610e0cc5ec6be53b8d0d986d5ddef30937d04c977998db4c2d4b0be908 The package...
MAL-2026-2611 Malicious code in upstart-lending-status (npm)
Package is malware. It steals credentials, collects system info, and exfiltrates data to a remote server via postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 627a2802a53ad7eb751fcac4b0a43245c6b0bf9e667db77051758b24d8bc4d96 The package...
Malicious code in upstartapplicationstatus (npm)
Package is malware. Collects and exfiltrates sensitive info SSH keys, credentials, env vars via insecure HTTPS/HTTP after install. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e154270d6b3540f095f5fc77ab1167448e967009cbb719f6fc087c32fadce15f The package...
MAL-2026-2616 Malicious code in upstartapplicationstatus (npm)
Package is malware. Collects and exfiltrates sensitive info SSH keys, credentials, env vars via insecure HTTPS/HTTP after install. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e154270d6b3540f095f5fc77ab1167448e967009cbb719f6fc087c32fadce15f The package...
MAL-2026-2614 Malicious code in upstart.previewcss (npm)
Package is malware. It collects and exfiltrates sensitive data SSH keys, credentials, environment variables and system info to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd2d5c329f24c54ca68ce21884867d6b4db6ae64d0e2041af60deb2203cc8830 The...