31 matches found
Malicious code in edu-npm-dependency-chain-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5a2508b833cc9048538d7b995e19fdc3abb6807800a2650ef808f248a3502139 The OpenSSF Package Analysis project identified 'edu-npm-dependency-chain-demo' @ 1.0.4 npm as malicious. It is considered malicious because: -...
MAL-2026-5623 Malicious code in edu-npm-dependency-chain-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5a2508b833cc9048538d7b995e19fdc3abb6807800a2650ef808f248a3502139 The OpenSSF Package Analysis project identified 'edu-npm-dependency-chain-demo' @ 1.0.4 npm as malicious. It is considered malicious because: -...
Malicious code in @t-in-one/only_difference_payload (npm)
Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...
Malicious code in @cloudplatform-single-spa/svp-draas (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in @car-loans/referrer-module (npm)
Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...
Malicious code in @cloudplatform-single-spa/ml-inference-model-run (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in @cloudplatform-single-spa/ml-ai-agents-system-prompt (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2026-4867 Malicious code in @car-loans/deal-aff (npm)
Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...
MAL-2026-4993 Malicious code in @cloudplatform-single-spa/timescale-db (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
MAL-2026-4868 Malicious code in @car-loans/desktop-car-loans-application (npm)
Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2025-114532
Malicious code in dependencies-ophiuchus-mira-oauth npm...
EUVD-2022-1781
Malicious code in bioql PyPI...
CVE-2022-29080
The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value...
MAL-2025-1890 Malicious code in meli-service (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-1716 Malicious code in airbnb-model (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in invalid-dependency (npm)
The package communicates with a domain associated with malicious activity...