252635 matches found
Malicious Package
Overview gp-auth-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
MAL-2026-2575 Malicious code in @ascend-ops/web-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57ec262f68b9b9bd081ce675c1eb28e56c6c630c03cf1ecb680e5b56035f0aaa The package @ascend-ops/web-client was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2578 Malicious code in @bokehjs/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c6f4339e19ee914380a69c5c69b600db7df1412b41db50a539eb87db984f68c The package @bokehjs/core was found to contain malicious code. Source: ghsa-malware 6e18981ac8adec7cb489a1be8841f5f6862c8f1298c570346d5210c99dd275fe...
MAL-2026-2584 Malicious code in @hpcc/js-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66d87d26a2f328414129f2abca4fe30a3f49afcefc1734ff29504b30e8e5e538 The package @hpcc/js-api was found to contain malicious code. Source: ghsa-malware baed13149b187a8ebee8b70891d8c38114a2f8c25e0048e5f2524ae8cb61217e A...
Malicious Package
Overview @ascend-ops/web-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious code in @bokehjs/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c6f4339e19ee914380a69c5c69b600db7df1412b41db50a539eb87db984f68c The package @bokehjs/core was found to contain malicious code. Source: ghsa-malware 6e18981ac8adec7cb489a1be8841f5f6862c8f1298c570346d5210c99dd275fe...
MAL-2026-2574 Malicious code in @amplify-js/datastore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a31c933f191cd94be3e10adb951ed57652fe41955589d37ce8c200c96256f36e The package @amplify-js/datastore was found to contain malicious code. Source: ghsa-malware...
Malicious code in twilio-video.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9e3803147d3c0bc502c876bc9a0c17ab6abb0f35cef279419245d46843a57ee The package twilio-video.js was found to contain malicious code. Source: ghsa-malware cc5348f21258b1a1e011513da698c5544555a2b78063b41540c04c9b0b0bc58...
Malicious code in ccn-common-react-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e786ee75b4c32af6bfd2d9129d0a1ded7b507ef1141e019acc9b6ba1dc1da374 The package ccn-common-react-library was found to contain malicious code. Source: ghsa-malware...
Malicious code in stats-api-js-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a84f9d7eef71d2b99a244ec63f5144ad80a0084e6c20fc903a1bbce208ad9777 The package stats-api-js-client was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2600 Malicious code in cms-site-api-js-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7c005e0d9ed50229f543036c5c8bd9dd61a1ad0b5373efab2aa9fdba45084f9 The package cms-site-api-js-client was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2604 Malicious code in ih-icon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29e7f19afb6ffd57012c61c6bef2ce8ad4238f192cac0679e216684a37ec672e The package ih-icon was found to contain malicious code. Source: ghsa-malware c7182707ae8272b3af4376c3dfec66a3b574b8c86217bf3b7c705d94dfb84b63 Any...
Malicious code in dwaiter-company-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 602a450ab8f9d48b5e7ca03f6e4cf89803a6f1a0e6e35d453c92e59143096577 The package dwaiter-company-web was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview symphony-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-2606 Malicious code in mdb-react-sortable (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 221ae0ca7ee784d6ab2d9bb463b65dc3d998114b51b3dd7a4f3585ef2b1ed11a The package mdb-react-sortable was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2605 Malicious code in kaltura-ngx-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33934fb6026f53c4e012992591edb1038036a17c485afca8e8fb3e40083a44ce The package kaltura-ngx-client was found to contain malicious code. Source: ghsa-malware...
Malicious code in @b2b-portal/kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa5c1b32159c7e6dc9c07e663c7f8cf3b3ee24450a33289a1a79589c69906eed The package @b2b-portal/kit was found to contain malicious code. Source: ghsa-malware 20de22d7080860e2c01f3de58d2809af28e543302e49545749666efd4956c23...
Malicious Package
Overview @b2b-portal/kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz Vulnerability Details CVEID:CVE-2026-23950 DESCRIPTION: node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the parseNode and parseEdge functions when topology metadata such as component IDs, stream names, or grouping values are interpolated into HTML without proper sanitization. An attacker can execute arbitrary...