1151 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
@ensdomains/ensjs-react (>=0.0.2 <=0.0.4), @justaname.id/react (>=0.3.89 <=0.3.215) +5 more potentially affected by unknown CVE via @ensdomains/ensjs (>=4.0.1-alpha.0 <=4.0.2)
@ensdomains/ensjs NPM version =4.0.1-alpha.0, =0.0.2, =0.3.89, =0.0.22, =0.0.37, =0.1.4, =0.0.36, =0.4.0, =0.4.16 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190933...
MAL-2025-190879 Malicious code in @posthog/geoip-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52ea0a6028390c3a43f98bcd7b2afa97a6f1fae311e31138717c69d610c4c8a2 The package @posthog/geoip-plugin was found to contain malicious code. Source: google-open-source-security...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Blockchain and Node.js abused by Tsundere: an emerging botnet
Introduction Tsundere is a new botnet, discovered by our Kaspersky GReAT around mid-2025. We have correlated this threat with previous reports from October 2024 that reveal code similarities, as well as the use of the same C2 retrieval method and wallet. In that instance, the threat actor created...
CVE-2025-65025 esm.sh CDN service has arbitrary file write via tarslip
esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths e.g.,...
Towards Classifying Benign and Malicious Packages Using Machine Learning
Recently, the number of malicious open-source packages in package repositories has been increasing dramatically. While major security scanners focus on identifying known Common Vulnerabilities and Exposures CVEs in open-source packages, there are very few studies on detecting malicious packages...
Malicious code in xo-helios-child-process-pm2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6abf116ef5bd6a77aedf9bcc2b5428a4945e26fbf2e8c0d79a0fccebb457771 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in neuromorphic-cybernetics-cosmogenic-neutronstar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 160b9ee422b1614bc10ab76b17cfd59829dd820e115922f452f8253b0f2750f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189669 Malicious code in stop-auth-epigenetics-neutronstar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d97778258cae0aa68e642d04d7a813ecbb7fe5274fe3d46b749e45ffebf87170 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186266 Malicious code in concurrently-fork-blazar-helios (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46e2cfa382a69284deda13d32454b9f9e9e1ed3c213c197f1ee60c093e7277f2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in wezen-halley-less-io (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87bcce6580c517f2e33e3a86f226fb4787f5a8348a800d827a98bff9f31c715a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190014 Malicious code in typeorm-csv-troposphere-socketio (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e73547aa88679589280af7f97832cc643441c415a7b0c69aa00448db76023b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187272 Malicious code in halley-unuk-hyperion-sedna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c9506d8e26da1a023822ac60bbd1d414afd9ff2d27728755bfac524a22a8579 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189862 Malicious code in terraforming-filament-got-dione (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0245ded8963921b58e23bb01f640b9793148f6172410251d42eb870406270296 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190328 Malicious code in winston-adonis-dotenv-parse-variables-dagda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f796a64813b30c1c12b1198d74b70b219329a69f9abb0697a70bb9cde818dc7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186118 Malicious code in changelog-unuk-antares-restart (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d90a92b9a0850e106d3410f591ad1745399775c72d60a56b79bdbe04082dc27c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188209 Malicious code in nebula-polaris-prettier-wormhole (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86fe8eef18acaa2546443d8c4b2a939c3b43ae4549f2ae57d08994c602ff3ca5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185628 Malicious code in async-public-eslint-plugin-loop (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8260827b01d06f49fa980d26d357da964681809e032e0c1e4ea86afb5a6ad66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190353 Malicious code in xanthus-child-process-radiant-biotechnology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0772cba129a84f6a60d24186646d0488d9fea195f97e08ef3a181221632a17c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...