Malicious code in @stlm/common-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 524e7ff666da99814e99aa71977173170ff4d7d51c5730a30bf0375665f89582 The package @stlm/common-ui was found to contain malicious code. Source: ghsa-malware 2d6d7ee043c22bf0b8caf216d27b99ca30f22667d60e5d1d0c76178c5808ae5...

Malicious code in color-studio (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d197fd4183100bf9c61d06d5f63aea39f8b61429628f3a13522d8b511a0482bb The package color-studio was found to contain malicious code. Source: ghsa-malware 3ea22c97ba975ced2d26e899fe9ac900d3e1df68314536f95416cf2b03b65472 A...

CVE-2026-6862

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

UBUNTU-CVE-2026-6862

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header

A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named proto. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an...

Malicious code in @automagik/genie (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a6e7702eae0e8ff480f6f47624128cb3bf2ad5934d6c6a9a5481f3ac424db40 The package @automagik/genie was found to contain malicious code. Source: ghsa-malware 00207299cc0b9ee634f5850f194f399c6164fd4621989a43f8e5f9353d3707...

Embedded Malicious Code

Overview xinference is a powerful and versatile library designed to serve language, speech recognition, and multimodal models. With Xorbits Inference, you can effortlessly deploy and serve your or state-of-the-art built-in models using just a single command. Whether you are a researcher, develope...

K000160944: Axios NPM supply chain attack MAL-2026-2306 GHSA-fw8c-xr5c-95f9

Security Advisory Description Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer ma...

Malicious code in @bmg-web/bmg-dialog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d560386e011639d154483a6156d3ffca4b0f0c58b20063d6e8ea51d5a295d2a The package @bmg-web/bmg-dialog was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2990 Malicious code in etsyapp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d3ba88687c2454c8371f948d388d1aa11c628cc010daeee014c9dd60ad1c193 The package etsyapp was found to contain malicious code. Source: ossf-package-analysis 919ce430631b9f294e4f67032799f5df86d6c943a20c330407641916d7aab6...

Malicious code in @bmg-web/bmg-collapse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fac63a733e9add336ae6a3fa8cf87b72abbe29bb1efeb397b54dd35f2875fcd The package @bmg-web/bmg-collapse was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @bmg-web/bmg-grid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3145866a6b18a164c2246b0a000b18412f9f8cc10f5c4192a2a8925d213bedb1 The package @bmg-web/bmg-grid was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2988 Malicious code in @bmg-web/bmg-grid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3145866a6b18a164c2246b0a000b18412f9f8cc10f5c4192a2a8925d213bedb1 The package @bmg-web/bmg-grid was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @bmg-web/bmg-ajax (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9d0060c1d5029ed1bcb3ed00c20e6a283a930b13d6e93072cebb3e97e45b78d The package @bmg-web/bmg-ajax was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @bmg-web/bmg-card (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6b0a1542df5f356749bb120307f24588161f99389b5630aade5a178b2ac98c6 The package @bmg-web/bmg-card was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2987 Malicious code in @bmg-web/bmg-external-link (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6373b00808251dd64521cfb1864a0bf382c5df23e976984dea8dbebf925bbb63 The package @bmg-web/bmg-external-link was found to contain malicious code. Source: ossf-package-analysis...

Malicious Package

Overview trackora-node is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in crypto-keccak-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32ccdef7e115ae439427bb2217083ad601c38f443bc895d50f788929634a37c3 The package crypto-keccak-js was found to contain malicious code. Source: ghsa-malware 60c3cf139a71aed81d8181d9c87451c86895953c7d34095bd06553c9e406cc...

Malicious Package

Overview crypto-keccak-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-2976 Malicious code in gleb-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1195db21d930574e3f893e03ace1f465579fc9a50f319979b05f57a0a6d8e252 The package gleb-js was found to contain malicious code. Source: ghsa-malware 24151762712a7288d42bf902b1d0d205f13c6f76668490e7043fe846a8fd241f Any...