34 matches found
Malicious code in @tc-core/campus-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c58f691cfdb7301c271067776e2e3bc260d4cbb8880345d03e840729d849b580 The package @tc-core/campus-service was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in web3-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2e42f568897d9af194eb75275059455c99b369456b0c8e0ffe13e7f32be839e6 The OpenSSF Package Analysis project identified 'web3-common' @ 1.0.0 npm as malicious. It is considered malicious because: - The package execut...
MAL-2025-192937 Malicious code in bettermode-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ade97c888752f20137524d28c5b49359ed4187da5edcecb60ead623f40aba3c The package bettermode-common was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190622 Malicious code in com.unity.xr.visionos (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfc5fb97986cf3c32288632dc0df9916994609543b354548885edf9d229dd489 The package com.unity.xr.visionos was found to contain malicious code. Source: ghsa-malware...
MAL-2025-48091 Malicious code in vercel-v0 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b3f5d72ec9c31838366e2e5e38f08021d40aa495b4424e97ff5b580a24467d7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-46896 Malicious code in blackbird-analysis (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3caeac0852a2e3b407fa0aeac57bf37bcf5d804a7cbf7fca57f612060c3a4289 The OpenSSF Package Analysis project identified 'blackbird-analysis' @ 0.2.0.r9649833ca rubygems as malicious. It is considered malicious becaus...
MAL-2025-41298 Malicious code in image-memory (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 40ad268d8e5d26e3c122a979160b815c349dc3cd4d22004530c3a5ca5c4299a9 The OpenSSF Package Analysis project identified 'image-memory' @ 99.0.9 npm as malicious. It is considered malicious because: - The package...
MAL-2025-41272 Malicious code in tombac-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a3cbbd454182b1e77985f474c87e277b8b0e4efa49cc80edb90c60f7d3a12914 The OpenSSF Package Analysis project identified 'tombac-icons' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
MAL-2025-41259 Malicious code in amp-metrics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dacbeb50af065a576ade73d084e6ac504cb061d33ebdb8fe8d72839b926e9d59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in swiv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 945d4a5f54e77ae66588b5b64aa30eb2627903bffcb72a3031b9c4b6b2122b43 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-6947 Malicious code in personalizationtrkserv (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4e171fa4d76ea31b32b21ec8efae81c75a65d7adcc42a621c06cfd5406110131 The OpenSSF Package Analysis project identified...
MAL-2025-6879 Malicious code in @yaqiguo/dnstest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d10a6c69fefe74572e208680a6e74fa93be7f549ac4f033a0dbbfc6ddb656b43 The OpenSSF Package Analysis project identified '@yaqiguo/dnstest' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6827 Malicious code in mda-localise (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 613478d63b9c28c110cb883d28d216af5ac0cc3af224415eafe463a905b391c3 The OpenSSF Package Analysis project identified 'mda-localise' @ 0.0.2-placeholder npm as malicious. It is considered malicious because: - The...
MAL-2025-6819 Malicious code in angular-sources (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ff334dd83f794d2141307860dd5229672ff176ff05a1a2ac22674fe9146f8938 The OpenSSF Package Analysis project identified 'angular-sources' @ 999.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6816 Malicious code in teste-depenconfu (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 56a7fcb8d17544bc05d4a5222d7741781d9b33d6ad5d334d6c74b8851d20a257 The OpenSSF Package Analysis project identified 'teste-depenconfu' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in flatfox-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c1abb243ceb7b5b94ca2f950d7cf27838ad4c22bc9771a0ea878af5497bfebf2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in side-effects-package (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82b6dc5cf513223d6d09a04e6a0a1291c7ac2be14c46381e61d023f39c00b8c2 Any computer that has this package installed or running should be considered...
Malicious code in uniswap-v4-scratchpad-poc (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 01754c5d133c195a4c109504b5db8355893e90a308a2317d421d8f2d034cad23 Any computer that has this package installed or running should be considered...
Malicious code in @mpsemea/fspay-smartpay-logging-web-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 743df569bb531a07b7075f6ce9780c5ce5d7f6276d932c99d1374f31d5ec042c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in victory-native-xl-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9101dd18b0880eb5358d74e5a997f3a532b49825b6a4cb47d96778143a48b4a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...