445 matches found
MAL-2026-5666 Malicious code in downlynpm (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c54f0f73fe269f9054d27204762149882fd85c82c575dfa40738014f7a594090 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5657 Malicious code in @iobeya/spa-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9a974281dcc6456d815e6cb8b755c3084c7ba2d4026264474e459681a9a25cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pui-diagnostics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f05c21e14c3c230fc88a2e0513e8dcd1ba8eda06a21ee1371dd5277b4280740a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5637 Malicious code in tailwindcss-animotion (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96413f4c88df11bc7b9783884da8c9c18d04f8b37134ca1f8891551def09e788 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5625 Malicious code in clsx-tailwind (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25973e59fcbbe092c0fd9d1f868fb37c1b1492fb830a534806e51bbbc795935c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5584 Malicious code in justgetit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6e3691bf83f31d1f1dd45e3224151455cbcf6b03acf1d50a25a96eb69ef3065 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in csc154-internall-depend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 468d4fe797c3be3e29ea6da37c1b04112162bd349f7aea270cdbc4ba929d945d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5309 Malicious code in nodemon-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e62de7b45c63185183f5fe120bd363a176f70cb28d4abfeec9a3686b320a0b96 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5102 Malicious code in @ewfewfewf/testhackerrr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47e70cb260a34952bd8dabf1cbb510efbc9072e3d809a03deec32a70745e4d3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @redhat-cloud-services/frontend-components-remediations (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in @redhat-cloud-services/chrome (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-5081 Malicious code in tailwind-effect (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a340be9809f1baa4f0e0ce64286a7d9266ccb49cd82fae68f5ac02b50e193a5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4302 Malicious code in auth0-aspnetcore-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1a65e2c9bb72bed2f85cc5ce144070401adc82275fbdceee1345e245bd8b69dc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wm-plugin-json-conditions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43ae510c22e7ea36051bfaa2a241bc7f8035d9047c3fe927438ceef2f2ca81cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in atlassian-marathon-asset-pipeline (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d32d9c71cf7460230bdc7da7e9c9cddc9618a5ca53a66adde25fb5a3e588418 The package atlassian-marathon-asset-pipeline was found to contain malicious code. Source: ghsa-malware...
Malicious code in deltaprime-primeloans (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de6dc7446f54374a89a45ea8f749647c8adc0aaf24720bd32ccfdb07e5b48042 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/case-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c66eb0255d40992fc638ffb18c027abb448bdd26f8982781cf0f7da3be7b6910 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/router-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbe10ec33a8ef57cbee1293be08884f598f604cc51b69f3eed2d17217efd462d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3466 Malicious code in @tanstack/react-router-devtools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2583e447a99e68ab9e3a7562a7a9693e1c09de387a824f47a07f325e3b5b4d39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in hls.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96d28bd3e78b3ca60b3356380f0d7931659606c2b5def5865480d838ad21a0b3 The package hls.js was found to contain malicious code. Source: ghsa-malware 04b58b7f11fd42610f3056d4bc9aa84804d2ab9e657d7b84771cec1efe363ba9 Any...