234568 matches found
MAL-2026-3415 Malicious code in ac-sasskit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8d0a627b8de0f6fc1b418dbc3f6242c1b3c4a0e39e5de9d6b70edce441d72db The package ac-sasskit was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3422 Malicious code in rsflows-pexml (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ef5b11ec067e18cc3a024fee21e569e0f44cf180619e974cbb1dd8325e1b10c The package rsflows-pexml was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in rsflows-pexml (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ef5b11ec067e18cc3a024fee21e569e0f44cf180619e974cbb1dd8325e1b10c The package rsflows-pexml was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3420 Malicious code in noon-contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e2a4c1ac3896b7769b47ab6659bf7b0d49f229963c910d0c9b9be11c5291c12 The package noon-contracts was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @miurba/alcazaba (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36c814274998998c89db63740c3d1032c8da3d6f6f9e44e100328c83e4ea29a0 The package @miurba/alcazaba was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3410 Malicious code in @miurba/alcazaba (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36c814274998998c89db63740c3d1032c8da3d6f6f9e44e100328c83e4ea29a0 The package @miurba/alcazaba was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3409 Malicious code in mw-filesystem-events-nodream (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3da27e815b33bf88dc4fb31bc8b5558501b65ded9de77aab08e7ae785c2c38b The package mw-filesystem-events-nodream was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in mw-filesystem-events-nodream (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3da27e815b33bf88dc4fb31bc8b5558501b65ded9de77aab08e7ae785c2c38b The package mw-filesystem-events-nodream was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in erslove (npm)
erslove is a typosquatting package impersonating resolve, the module resolution library implementing require.resolve semantics. The package bundles the legitimate resolve source and test fixtures to appear functional while hiding a credential-theft payload in index1.js, executed at install time v...
CVE-2025-63703
npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...
CVE-2025-63704
NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...
MAL-2026-3421 Malicious code in oneblk-design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f46bbc3e155a30851463f65a3f9d5af33ebd5172df5ad70f7b022a77448fc6eb The package oneblk-design-system was found to contain malicious code. Source: ossf-package-analysis...
NPM: Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability
NPM: Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability discovered by ? in WordPress Npm cline versions = 2.13.0...
Malicious code in typo-crypto (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64edea611ad8e383c09495a7a6f7afd4fb86b88136c331ddf787bf0285259bf3 The package typo-crypto was found to contain malicious code...
MAL-2026-3400 Malicious code in typo-crypto (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64edea611ad8e383c09495a7a6f7afd4fb86b88136c331ddf787bf0285259bf3 The package typo-crypto was found to contain malicious code...
NPM: fast-uri vulnerable to path traversal via percent-encoded dot segments
NPM: fast-uri vulnerable to path traversal via percent-encoded dot segments vulnerability discovered by ? in WordPress Npm fast-uri versions = 3.1.0...
NPM: fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes
NPM: fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes vulnerability discovered by ? in WordPress Npm fast-xml-builder versions = 1.1.6...
Malicious code in tecken (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e7ecb06d2778fcefe87592b7fa63b3030929cd86f643ee6b03491bcf77ba4af The package tecken was found to contain malicious code. Source: ossf-package-analysis d4e6037c07125a354ac2958e36321453a0dc6e28dcfe5f3c5749f58c302cb90...
Malicious code in msal-browser-1p (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b048f9df96df1367009fbcb80c4ad7b3ed89133bfe1fd86324c74e1c2d681c81 The package msal-browser-1p was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in playgod (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0aee4818420709f0d12c4a32c97671628fffdb1255fefd1895b2c3f880f8b2b The package playgod was found to contain malicious code. Source: ossf-package-analysis a700663ab039dd35fa24734d883219fff845bb0c6017a5e0dcb0191dfa4676...