18 matches found
MAL-2025-190592 Malicious code in @ra-ide/ld-frontend (npm)
Source: amazon-inspector aec551eb9431424b0e79cb127427880ebd5c21b9deb2b8d4a378fb650fb45a84 The package @ra-ide/ld-frontend was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-190521 Malicious code in node-calculator-7bea (npm)
Source: amazon-inspector 3ddbd5a2cd94466471bef272010b7911c371022bffeeee5ec50e01a0affde411 The package node-calculator-7bea was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-48458 Malicious code in src_plugin_index_ts (npm)
Source: ghsa-malware 396cc58d08775057aef35e59ad51a28c7379449f6f00332d193138ff8b9de09a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-46909 Malicious code in github-kv (RubyGems)
Source: ossf-package-analysis 5fcb11aea794afd6b87c58dee41958584041b8638848807223b0633a851e3ad1 The OpenSSF Package Analysis project identified 'github-kv' @ 0.0.1.rdbd1267 rubygems as malicious. It is considered malicious because: - The...
Malicious code in test-package2345 (npm)
Source: ossf-package-analysis 376f2c62728c1d9f82712acd63e4377bd525a0faae2b00a7746dd322c8e5379d The OpenSSF Package Analysis project identified 'test-package2345' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-9058 Malicious code in cloudflare-docs-starlight (npm)
Source: ossf-package-analysis cc416353baa88972c0106ceb1b2fa7077b9cfbcd687be15e44c70ee5edc0c526 The OpenSSF Package Analysis project identified 'cloudflare-docs-starlight' @ 1.1.1 npm as malicious. It is considered malicious because: - The...
Malicious code in repo-private (npm)
Source: ossf-package-analysis 475962f34cf11b2eb56bc65cbb239a83bb17063ca8bb9b0f03d295a5b88e4b6a The OpenSSF Package Analysis project identified 'repo-private' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-8046 Malicious code in artifact-lab-3-package-89883da3 (PyPI)
Source: kam193 dc3109f451995d11f0f2e99d58397d06ac2bb036df5ceb90425befb54ea10f14 Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...
MAL-2024-7906 Malicious code in @adidas-data-mesh/common (npm)
Source: ghsa-malware 4cb712751b93462e59fe5e04bbcb56626dfb03735b8179b69e4a1f56a60c1375 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1357 Malicious code in by-fetch (npm)
Source: ghsa-malware bbe17032deb287c69fb57c7e240590cb829a046c49e904b65d01686694636d5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1159 Malicious code in tchap-translations (npm)
Source: ossf-package-analysis ca575a89e5cfe2c388f248f9084e97b9cc385753de105d2ada5dc6323d1de06f The OpenSSF Package Analysis project identified 'tchap-translations' @ 9.9.10 npm as malicious. It is considered malicious because: - The packag...
MAL-2024-1052 Malicious code in relativity-web-component (npm)
Source: ossf-package-analysis ceec81f16c03da2474b6b582560b0fc3bd20fa136bb49dadead29fc397209f70 The OpenSSF Package Analysis project identified 'relativity-web-component' @ 2.999.0 npm as malicious. It is considered malicious because: - The...
MAL-2023-8062 Malicious code in zara-mkt-core (npm)
Source: ossf-package-analysis 63035f09a78f784aa3cc30ea29d7a7508c1811c6f344d00b42e93338f2cb50c5 The OpenSSF Package Analysis project identified 'zara-mkt-core' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in puppet-module-posix-system-r (RubyGems)
Source: ossf-package-analysis 2ad3a13f7c087320a9f4bf76203fd40172a2b55172dec3ac957ad4d265c01425 The OpenSSF Package Analysis project identified 'puppet-module-posix-system-r' @ 1.0.0 rubygems as malicious. It is considered malicious because...
Malicious code in eslint-plugin-indeed (npm)
Source: ossf-package-analysis cd3cf0dfdda3ea0bf705d385efb05c56b971a408c4a0dceef3771d2e474a33e0 The OpenSSF Package Analysis project identified 'eslint-plugin-indeed' @ 99.99.9 npm as malicious. It is considered malicious because: - The...
Malicious code in skyscanner-themes (npm)
Source: ossf-package-analysis 4e80c6a572898c77cc6e5b4c0266cc4805778ec35102f514669accd32b0664f0 The OpenSSF Package Analysis project identified 'skyscanner-themes' @ 5.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2023-1424 Malicious code in fluent-plugin-enhance-k8s-metadata (RubyGems)
Source: ossf-package-analysis 537d9d482d3e99b2757022edbff8c81e9a9bd9bf73f272f10634d355c813e635 The OpenSSF Package Analysis project identified 'fluent-plugin-enhance-k8s-metadata' @ 5.0.1 rubygems as malicious. It is considered malicious...
MAL-2023-34 Malicious code in @chegg/wtai-upload-widget (npm)
Source: ghsa-malware ed3e4233e6f2d188d7f2bab940bf8574017cf73a97b440daddc7f4e3176075a3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...