MAL-2026-2987 Malicious code in @bmg-web/bmg-external-link (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6373b00808251dd64521cfb1864a0bf382c5df23e976984dea8dbebf925bbb63 The package @bmg-web/bmg-external-link was found to contain malicious code. Source: ossf-package-analysis...

Malicious Package

Overview trackora-node is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in crypto-keccak-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32ccdef7e115ae439427bb2217083ad601c38f443bc895d50f788929634a37c3 The package crypto-keccak-js was found to contain malicious code. Source: ghsa-malware 60c3cf139a71aed81d8181d9c87451c86895953c7d34095bd06553c9e406cc...

Malicious Package

Overview crypto-keccak-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-2976 Malicious code in gleb-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1195db21d930574e3f893e03ace1f465579fc9a50f319979b05f57a0a6d8e252 The package gleb-js was found to contain malicious code. Source: ghsa-malware 24151762712a7288d42bf902b1d0d205f13c6f76668490e7043fe846a8fd241f Any...

Malicious code in ts-utils-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8a1476a3763d6093218666ee76d28124242e541f10e98fea5e396de93e97e85 The package ts-utils-dev was found to contain malicious code. Source: ghsa-malware 780475532d255944bb4846b6f84becadf429014e623c83b5ca508b6f97e39a9a A...

MAL-2026-2973 Malicious code in claudcode-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1de8369f09912bb8724607f94c599ad3fcecfa78fa46e76985acbc600ad8791 The package claudcode-cli was found to contain malicious code. Source: ghsa-malware 6bdf49fafb69e5edbe0ee4aecb34c6d65f28e0dd917b228142fd71e6db486971...

Malicious Package

Overview claudcode-mcp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in claudcode-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1de8369f09912bb8724607f94c599ad3fcecfa78fa46e76985acbc600ad8791 The package claudcode-cli was found to contain malicious code. Source: ghsa-malware 6bdf49fafb69e5edbe0ee4aecb34c6d65f28e0dd917b228142fd71e6db486971...

Malicious code in @usealloy/api-contract (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac2459ced40bf7d07428205c0322e09c951fdc50972f337b30508ad2ad867b37 The package @usealloy/api-contract was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2970 Malicious code in @usealloy/component-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f32d74c27a8086c59f766c74f3fd9165eb49c0aa829661b6ff00e982c84d510 The package @usealloy/component-library was found to contain malicious code. Source: ghsa-malware...

Malicious code in aven_types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0df68dd11fcc6eb930db59e54118c89a481c0d8db3d4db96ca7732ce04cc3bb2 The package aventypes was found to contain malicious code. Source: ghsa-malware d042da73509307cc87e2110ee9cbd8873cd35b4d5de30c65df0f8daf7e93f49a Any...

Malicious Package

Overview @usealloy/typegen is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in @usealloy/component-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f32d74c27a8086c59f766c74f3fd9165eb49c0aa829661b6ff00e982c84d510 The package @usealloy/component-library was found to contain malicious code. Source: ghsa-malware...

Malicious code in @usealloy/typegen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8ddfd4e6bd17172e7327ebed027c76dc8d062700a513a745cf15955c52e043c The package @usealloy/typegen was found to contain malicious code. Source: ghsa-malware...

Malicious code in @bitunix/test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b083a0a29a743f00a18c62069ede0cd31fa3656e9fcbafd497ff742c3efcbdd8 The package @bitunix/test was found to contain malicious code. Source: ghsa-malware caf5aa976643b0e7d9daa1d676c83032b7725f54e4d0f7541e163251805fb9df...

Linux Distros Unpatched Vulnerability : CVE-2026-40895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0, when an HTTP...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013585)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013585 advisory. In the Linux kernel, the following vulnerability has been resolved: pinctrl: rockchip: Fix refcount leak in rockchippinctrlparsegroups offindnodebyphandle returns a...

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.3.0 contained a security vulnerability. This vulnerability stemmed from the network-libp2p library’s use of the libp2p ConnectionHandler state machine. This handler assumes that each connection...

SUSE SLES15 Security Update : nodejs22 (SUSE-SU-2026:1509-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1509-1 advisory. Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...