MAL-2026-3823 Malicious code in parse-escape-regex-string (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41f2d6da130b64c53517f7be20b6f43e0fde62b07a805a2689d1baa4f8c30c1c The package parse-escape-regex-string was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3810 Malicious code in @pluxee-connect/account-db-api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49a36af66b1c55fbf7a78529c1fe2d15b819cef018300a03cdc8e0a1b59f36c9 Version 99.0.0 of this package targets an internal-looking npm scope and ships a postinstall.js that, on every npm install, reads os.hostname,...

Malicious code in citrea-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd20c7509b081678aafda4ba6ba713f0604260082e2a52d79f0fb94a49a2ba52 The package citrea-sdk was found to contain malicious code. Source: ghsa-malware da76b8e09db42c5bea1b9b971c8ea392e906f297b2931f289c3960ffc04a6e3f Any...

MAL-2026-3821 Malicious code in citrea-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd20c7509b081678aafda4ba6ba713f0604260082e2a52d79f0fb94a49a2ba52 The package citrea-sdk was found to contain malicious code. Source: ghsa-malware da76b8e09db42c5bea1b9b971c8ea392e906f297b2931f289c3960ffc04a6e3f Any...

Malicious code in citrea-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23fdd6beb009e7afba647c12314e567a8c1bc2be715524724645820fc6239852 The package citrea-bridge was found to contain malicious code. Source: ghsa-malware abffe603b7967ca2d5e19b9daed6989d966c78d638b7367a926ef2d9fa9e6997...

MAL-2026-3820 Malicious code in citrea-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23fdd6beb009e7afba647c12314e567a8c1bc2be715524724645820fc6239852 The package citrea-bridge was found to contain malicious code. Source: ghsa-malware abffe603b7967ca2d5e19b9daed6989d966c78d638b7367a926ef2d9fa9e6997...

MAL-2026-3809 Malicious code in @tc-core/campus-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c58f691cfdb7301c271067776e2e3bc260d4cbb8880345d03e840729d849b580 The package @tc-core/campus-service was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @citi-icg-158830/icgds-react-css (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6255b5d27ddf97d5093328983d54e39a05ce73176cdc472aa2df8499fa506f1e The package @citi-icg-158830/icgds-react-css was found to contain malicious code. Source: ghsa-malware...

Malicious code in @citi-icg-158830/elemental-ui-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2287a3953db1a78e6d96679e8e7b737b492f81d3a86d14418ac301d6c4858a6 The package @citi-icg-158830/elemental-ui-react was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3815 Malicious code in @zentrafinance/types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aa8866d3eaa828e8b575d8351ed3430237e14f71bb1af0acc90c468a7e8b8cb The package @zentrafinance/types was found to contain malicious code. Source: ghsa-malware...

Malicious code in @zentrafinance/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95b69f41a2a81d2acb41f5d3282c7db06d5c90f40918246184ddec6e878c5ecb The package @zentrafinance/sdk was found to contain malicious code. Source: ghsa-malware...

Malicious code in apexpro-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95c8a3b29ed31b909fa4a13a8b310c4cee8f115748f7b708aeab52ab2b66fdbb The package apexpro-node was found to contain malicious code. Source: ghsa-malware e4cc91e23bb614febd12cef6d21d4456fb9cfa198c2aa76215d1b38dd820d9b4 A...

MAL-2026-3816 Malicious code in apex-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33a26a7f829a26ef83ab119b6d61de6109d553f0b34432bf1efb37d5f56f4064 The package apex-connector was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3818 Malicious code in apexomni-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24e9d6ad71ac3eb0c091e0d70625e7daec5ed0352e8b8a4ed2273f2563aafad9 The package apexomni-node was found to contain malicious code. Source: ghsa-malware 7412ab94dec4136827a9aaa0f414452c3bbf8f23b2ea6820b29a1b4e8cc156f5...

budibase (>=0.0.3 <=0.0.31) potentially affected by CVE-2026-45715 via @budibase/server (>=0.0.1 <=0.0.9)

@budibase/server NPM version =0.0.1, =0.0.3, =0.0.31 Source cves: CVE-2026-45715 Source advisory: OSV:GHSA-FGQV-JH4G-PVG2...

NPM: Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation

NPM: Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation vulnerability discovered by ? in WordPress Npm better-auth versions 1.4.17...

MAL-2026-3802 Malicious code in @datatrain/passenger-v3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ff70d96169a200be30c83b3e37506f7abf2f377ed1d6dec8005269d98b58104 The package @datatrain/passenger-v3 was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in dowload_ebok_como_leer_el_futbol_by_ruud_gullit_8qd97 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60192fdff4e24c7d8a8a8feebf26b8aa9408dacbc59475649335e0efc03969f6 The package dowloadebokcomoleerelfutbolbyruudgullit8qd97 was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3796 Malicious code in dowload_ebok_los_enemigos_del_comercio_by_antonio_escohotado_6t2l4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ecb449c7c0f418834fbc3e22c6d061ef50d4d6bdbb1e40d19fb85023be2be5f The package dowloadeboklosenemigosdelcomerciobyantonioescohotado6t2l4 was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3797 Malicious code in dowload_ebok_stalking_jack_the_ripper_by_kerri_maniscalco_james_patterson_b529t (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1486e8a5f17dfc7a56252ff489f714a2ab7a0befd20da59b43d93d31f8587149 The package dowloadebokstalkingjacktheripperbykerrimaniscalcojamespattersonb529t was found to contain malicious code. Source: ghsa-malware...