122173 matches found
ROOT-APP-NPM-CVE-2026-0000 CVE-2026-0000 in @rootio/react-leaflet-heatmap-layer - Patched by Root
Root has patched CVE-2026-0000 in the @rootio/react-leaflet-heatmap-layer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-GHSA-5C6J-R48X-RMVQ GHSA-5c6j-r48x-rmvq in @rootio/serialize-javascript - Patched by Root
Root has patched GHSA-5c6j-r48x-rmvq in the @rootio/serialize-javascript package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44288 CVE-2026-44288 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-44288 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2023-45857 CVE-2023-45857 in @rootio/axios - Patched by Root
Root has patched CVE-2023-45857 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
MAL-2026-6572 Malicious code in rebrandly-domains-digger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d1744d2a299b9ef0526f49b4b2297fcd6c72581c51a3359801db56318d8cfda The package declares a preinstall hook that runs node callback.js. On npm install, callback.js collects installer-side identifiers — os.hostname,...
MAL-2026-6573 Malicious code in rebrandly-domains-search-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d4464320c8530d582d35f85ce95045182d82e1dd63a830644bcb68f05bdf10e Package [email protected] is an empty module index.js exports an empty object whose package.json preinstall hook runs node...
Malicious code in polymarket-clob-math (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d67023e54ba355e9c82fd2a05d2d2448657a3ea9415ff18d3c4669a9fc0afb42 [email protected] ships a postinstall lifecycle script that performs an install-time remote-code-execution drop. On npm install, the script...
Malicious code in ts-ankle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...
MAL-2026-6548 Malicious code in ts-ankle (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...
Malicious code in @epsteinlovekids483/crossmint-wallets-sdk-pentest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e43e5a418541bb3e485010eba536ecc9f1483dba866af53ff4a760684409213 Package's main entry dist/index.cjs unconditionally requires dist/shai-hulud.js at module load. On require, the code harvests installer secrets —...
ROOT-APP-NPM-CVE-2026-2739 CVE-2026-2739 in @rootio/bn.js - Patched by Root
Root has patched CVE-2026-2739 in the @rootio/bn.js package for Root:npm. Multiple fixed versions available...
MAL-2026-6513 Malicious code in dtxto1ols (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 926fc822a2a507fafa6d2e1bb02a9b2bada7d89d3042bd3f0cac0ba2fd7c1991 package.json declares a postinstall script that runs automatically on npm install. The script performs filesystem reconnaissance find / -type f...
Malicious code in dtxtools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de085e4b6d38025a5a0b959b19b1022deaa7525b427e66679b58b6892328297a package.json declares a postinstall lifecycle script that auto-executes on npm install. The hook performs a recursive filesystem search for database...
MAL-2026-6498 Malicious code in dttfdsdee (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae565bed85ec0db27f1ff658c7e9491591ce40edc56f423cd8b1122bc209c69c package.json declares a postinstall script that runs automatically on npm install. The script walks the entire filesystem with find to locate databas...
Malicious code in unsafe-malicious-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3579cb796e48f446b07e2dbbce2e301d1a3e87d8a9a35ed1dbe825fc53f29da9 On npm install, the package's postinstall lifecycle script scripts/postinstall.js reads the installer's AWS credentials file at /.aws/credentials and...
MAL-2026-6486 Malicious code in unsafe-malicious-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3579cb796e48f446b07e2dbbce2e301d1a3e87d8a9a35ed1dbe825fc53f29da9 On npm install, the package's postinstall lifecycle script scripts/postinstall.js reads the installer's AWS credentials file at /.aws/credentials and...
Malicious code in ref-slot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e1ef3e785cf6cb007c0b33be2ed43ebe49d64f476bb4fb3a66b914b06def5e1 On npm install, the package's postinstall hook runs node test.js which invokes index.js to perform multi-stage installer compromise. 1 Credential...
Malicious code in @vpms/design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ce5813fba2660b094a3e8a5c5a0bf2f1972530c294830c0a2e3d15dcd1b096 package.json declares preinstall="node index.js". On every npm install, index.js iterates process.env and harvests any variable whose name contains...
Malicious code in easy-string-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cb77d96cfd133340395df1765df2426f8414d80158e62ee5832ab6d4a18e803 package.json declares a postinstall lifecycle script that automatically runs on npm install and executes roughly 25 curl POST requests harvesting...
ROOT-APP-NPM-CVE-2025-13033 CVE-2025-13033 in @rootio/nodemailer - Patched by Root
Root has patched CVE-2025-13033 in the @rootio/nodemailer package for Root:npm. Multiple fixed versions available...