234544 matches found
Malicious code in cache-poisoning-pwn-demo (npm)
Source: amazon-inspector dacd21af4f62dd3183bfc4126d1cbcf18600a1c72301b7ae8ca401ec7e44f94e The package's postinstall hook (node -e "try { require('./dist/postinstall.js'); } catch(e) {}") loads dist/postinstall.js, which bundles a poisoned is-number...
Malicious code in ethers-signing-key (npm)
Source: amazon-inspector b6735be7311be4f6b4f609762cfb77504fe141bc9d8d5b5c0a75d521119aa2fa The package's npm postinstall hook executes a one-liner that uses child_process.exec to curl/wget an unpinned Python script from a personal user's...
Malicious code in ts-build-optimize (npm)
Source: amazon-inspector 51c637ab7c13ca2f592502f3444ebb24b291422b6388563d04fb8f7ae9030d5a The package masquerades as a TypeScript helper library README is lifted from Microsoft's tslib and references --importHelpers, __extends, __assign, and a...
NPM: FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover
NPM: FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
NPM: FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover
NPM: FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
MAL-2026-3738 Malicious code in viem-helpers (npm)
Source: ghsa-malware fe6492eec3b776a8654ae561b2f6d53c1a02ab00186b7dc5c8c72fb613c4e901 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mrgn-ui (npm)
Source: ghsa-malware 9e0d991ca84319ea7151b66ece28c7cfe860d1523b6926f63a60d13d7b96dded Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3732 Malicious code in mrgn-ui (npm)
Source: ghsa-malware 9e0d991ca84319ea7151b66ece28c7cfe860d1523b6926f63a60d13d7b96dded Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3734 Malicious code in sol-coverage (npm)
Source: ghsa-malware d6ac3d8c51b3f87a97b7b9724145b73d894fc4027da14122aea3eb6d51bfb671 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview mrgn-common is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
MAL-2026-3733 Malicious code in mrgn-utils (npm)
Source: ghsa-malware 60e708a2cb4de33f208a93fda6aa96871b522adaa504f529cd1424a802b76b83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sol-coverage (npm)
Source: ghsa-malware d6ac3d8c51b3f87a97b7b9724145b73d894fc4027da14122aea3eb6d51bfb671 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mrgn-utils (npm)
Source: ghsa-malware 60e708a2cb4de33f208a93fda6aa96871b522adaa504f529cd1424a802b76b83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in foundry-utils (npm)
Source: ghsa-malware 650bf2f76e5aa2fc3b175c4b582ce3c3ee8b9ac6fe433ed925f6e521c619c60b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview viem-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in npmjs_ethers-common (npm)
Source: ossf-package-analysis 44bf066109e89ee5929d905131a51645ca3fa95245ea078f5f727412e2f39a40 The OpenSSF Package Analysis project identified 'npmjs_ethers-common' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in npmjs_hardhat-common (npm)
Source: ossf-package-analysis 73b9457a26db5dc4cbd5563b20a8ac3cb1ee43af160893d862ff2c0e0d4aea0d The OpenSSF Package Analysis project identified 'npmjs_hardhat-common' @ 2.0.0 npm as malicious. It is considered malicious because: - The packag...
Malicious code in ethers-logger (npm)
Source: ossf-package-analysis 8f43ab2ac9caeed4f5dd0895f4da7d3a646038768f5d0024f443bb527fd1ad95 The OpenSSF Package Analysis project identified 'ethers-logger' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in chia-network (npm)
Source: ossf-package-analysis c7439a1ad4a50c3852597bd31aaf7a3f15c53c2cb9f124b9b350e55517b5f592 The OpenSSF Package Analysis project identified 'chia-network' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages
Research reveals that TeamPCP hijacked OIDC tokens to poison hundreds of TanStack, Mistral AI, and UiPath packages with the self-propagating Mini Shai-Hulud worm...