234644 matches found
MAL-2026-2188 Malicious code in levex-refa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba11828b57921035328d22b68ebf7ecb28dde3cedc4b58f874cf39c14583c5e0 The package levex-refa was found to contain malicious code. Source: ghsa-malware 5ce255ba60f9db881f821e9c9268a5c70e002212b5b0df88b274878592d4696d Any...
Malicious code in levex-refa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba11828b57921035328d22b68ebf7ecb28dde3cedc4b58f874cf39c14583c5e0 The package levex-refa was found to contain malicious code. Source: ghsa-malware 5ce255ba60f9db881f821e9c9268a5c70e002212b5b0df88b274878592d4696d Any...
MAL-2026-2190 Malicious code in ts-bign (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a068fd0715cfd570ef64c7f6d249383560483880d19fb75a94ac4997a742c70 The package ts-bign was found to contain malicious code. Source: ghsa-malware 6e364f088c15924f92d8290e79ca278120b3d8778345dcad0aad75e821d352e0 Any...
Malicious code in simple-util-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4e97df136a9f8721793e4556b53f908cb10a6df1b2febf5edd3d9d8ef7ab2c7 The package simple-util-kit was found to contain malicious code. Source: ghsa-malware ade2d906419f8d8a97dff43ed8530e27612faa88503c6696838b30f201d5e6c...
Malicious Package
Overview @shennmine/libsignal-node is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-2167 Malicious code in @shennmine/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04f4d27219071c7adbcedd56c54f0ca559b3d3651e6203b38d5170bb0e239f66 The package @shennmine/libsignal-node was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2197 Malicious code in allergan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b647cee7f2efba83a3acb7f2a6216150570618d386d85a162caf08b4fabaeb1d The package allergan was found to contain malicious code. Source: ghsa-malware 39db4e96e2f99167f5914eb406fd2fe8d3adab2598b4872dbe5f0e228cad37e7 Any...
Malicious code in console-loggers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a453dd193f8ddd250ba6ade5c711f845eced766f664cb75f7969f064a94b86f The package console-loggers was found to contain malicious code. Source: ghsa-malware 4172c3551666d2ed6e2691429d3929465e9f862f0967ff39fcad41faf23fb20...
MAL-2026-2168 Malicious code in chai-patch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b7a1b00f9cf8ff93aebfbb318e0f4da8d56a985a1eca3c305142e708dc6fc55 The package chai-patch was found to contain malicious code. Source: ghsa-malware a5b659f5744d677c50cb63bc98f750071b3db390e25b81a553debdff48ffac6a Any...
Malicious Package
Overview @rexxtheproject/elaina-libsignal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
Malicious code in @rexxtheproject/keyed-db (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa8d0778ab610c5b6e2320997c2427bf9e6295b93fe16ae478096953c1de9b34 The package @rexxtheproject/keyed-db was found to contain malicious code. Source: ghsa-malware...
Malicious code in chai-as-chain (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bcf6b93b6186112457361f81d21c00830bf0c48c75763de88d97f1b075944cf The package chai-as-chain was found to contain malicious code. Source: ghsa-malware 1d06397b7e66c2a8ecf1542a1f7d18b0f5a87d08a276dc88f77b1f8b2d818d47...
MAL-2026-2161 Malicious code in path-external (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83954c990d9e7dddb109dea7f9ed24bc8ded6b95da0ed050b43e7486675fc67c The package path-external was found to contain malicious code. Source: ghsa-malware 28650e14b5d9d8ba8bb4df91ca765c3e40d62074928911571fbdbc9af91c4e2d...
MAL-2026-2162 Malicious code in svg-sizer-responsive (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a60820b0fbec756691b147e45ad8157501c307c7864249a6a7b112b5293846e The package svg-sizer-responsive was found to contain malicious code. Source: ghsa-malware...
Malicious code in pino-pretty-log (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2a9c035f47cbd6beb9e2f47299a689f13823a21eaef04fd6abfa9035dcb120e The package pino-pretty-log was found to contain malicious code. Source: ghsa-malware 5ddd0444ff8834bc42162fb1d88cf6d71f6044c2a636cde204484f654ce6589...
Malicious code in tailwind-animationbasis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 613bfa904c0195c7d59209123554b2be83ed4a0568c174e8b221e22725fec103 The package tailwind-animationbasis was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @xvortexsockets/baileys is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Software Supply Chain Smells: Lightweight Analysis for Secure Dependency Management
Modern software systems heavily rely on third-party dependencies, making software supply chain security a critical concern. We introduce the concept of software supply chain smells as structural indicators that signal potential security risks. We design and evaluate Dirty-Waters, a novel tool for...
PT-2026-27783
Name of the Vulnerable Software and Affected Versions pdf-image versions through 2.0.0 Description The pdf-image npm package versions through 2.0.0 allows for OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions utilize...
Exploit for CVE-2026-26830
CVE-2026-26830: OS command injection in pdf-image Summary...