234569 matches found
MAL-2026-3301 Malicious code in ally-json-threat-protect (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb4a9c944048dc2fdb9d7ee1039eff0984813556164a746b249d5e4aaa80069f The package ally-json-threat-protect was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3302 Malicious code in ally-starter-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac9875cbfe312bac49b96d321664e13d98ff6214d38db1d0b3339500a83204cc The package ally-starter-api was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3300 Malicious code in ally-forms (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3b62d3c11f608087ea0651eb467ec7e0c9e43258abb6df889f64c8d1a6eb61 The package ally-forms was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3298 Malicious code in ally-ccapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b70ba9950b3624a3cb0afb844592910fe317569f314fd6681870857d638b1cfc The package ally-ccapi was found to contain malicious code. Source: ghsa-malware c3a850b3a4466c4cc00dee663a54c3bcc8a23c9c74e5e01a9b14f27b616d9934 Any...
MAL-2026-3296 Malicious code in ally-badges (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 628f679ca3d11168a5d0e0930680b72c113158a013369f538a273ce91cb5e5a6 The package ally-badges was found to contain malicious code. Source: ghsa-malware 9c052706f47011272c0f6a24723dc146f15603ac21d81708fa2b91678889df60 An...
Malicious code in nextjs-chat-with-ai-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ff3e52e4957291f626e1225ab3b81194c80cd8c6037f943298f6170f98dbe9b The package nextjs-chat-with-ai-service was found to contain malicious code. Source: ghsa-malware...
Malicious code in apexomni (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a53c153f68abdc118a92f4c3a13c2ad21e0d098bdf5e7cf57e679e467b226c06 The package apexomni was found to contain malicious code. Source: ghsa-malware 8ec8450f87a6c99576d96e1c59179c61ef89603915c8d003af0f5f6992348092 Any...
Malicious code in ams-ssk (npm)
Malicious npm package published by user shetty123 as part of a Telegram account hijacking framework targeting Indian Telegram users. All 31 published versions 1.0.0 through 1.0.33 are malicious. Pairs with common-tg-service, which performs the client-side Telegram account takeover. ams-ssk is the...
Malicious code in codewhisperer-streaming (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f51029062b1172921ad99025d73d75bbf937d2d4c3b111ab8a4d09db2ef91caf The package codewhisperer-streaming was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3232 Malicious code in codewhisperer-streaming (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f51029062b1172921ad99025d73d75bbf937d2d4c3b111ab8a4d09db2ef91caf The package codewhisperer-streaming was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3215 Malicious code in archetype-style (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a6fb5b405c9035099932e46f80bb6fe9740d3f727020700cc1e6ad36db2caf8 The package archetype-style was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in update-browserslist (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c4a878cc9c9ebf1f260c89d735fe37a0a802bdb61300bc93f018d2e3a8af520 The package update-browserslist was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3308 Malicious code in common-roles (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f602ee3e4db38c8befaab761a5f06c83f1a48c33822478a3ae25e315fcd337a2 The package common-roles was found to contain malicious code. Source: ossf-package-analysis...
Malicious Package
Overview blackbeards-navigator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in path-addon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba1a7df799b6bd11bd036f1cfb1de6b1dfe0e4e72082be1b8a60537a59e5ae58 path-addon impersonates the Node.js core path module package name path-addon, README claims to be 'an exact copy of the NodeJS path module'. The body...
MAL-2026-3310 Malicious code in gweb-build-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e936ec36e6d3de012d7e5815e450c5339f9e297b8b605bb7ccc64a441fd0d5ef The package gweb-build-system was found to contain malicious code. Source: ghsa-malware...
EUVD-2026-26474
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...
CVE-2026-42994
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...
CVE-2026-42994
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...
n8n Node.js Package < 1.123.32 / 2.x < 2.17.4 / 2.18.x < 2.18.1 XML Node Prototype Pollution RCE (GHSA-hqr4-h3xv-9m3r)
The version of the n8n Node.js Package installed on the remote host is prior to 1.123.32, 2.x prior to 2.17.4, or 2.18.x prior to 2.18.1. It is, therefore, affected by a remote code execution vulnerability: - An authorized user with workflow creation or modification capabilities can exploit...