11 matches found
Malicious code in ecto-spectral-leak-8d4e2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed80e7979c97935537c82692c1be6aa9fa4880f76b412057e9d8ed7d66af999f On npm install, postinstall.js executes shell commands that enumerate AWS Secrets Manager across regions aws secretsmanager list-secrets followed by...
MAL-2026-2935 Malicious code in @tushar-br/desktop (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c25eb4a54e706177aecf51b4124524e6e7d0534b02d9b8e6970169a9df8189ef The package @tushar-br/desktop was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190824 Malicious code in @quick-start-soft/quick-task-refine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b916ec147b8ea7421a203e04aee7554ffafacffd6a0aa576031a36f8773dc41 The package @quick-start-soft/quick-task-refine was found to contain malicious code. Source: ghsa-malware...
MAL-2025-48029 Malicious code in hrm-absence-frontend-deps (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e83d68d053c95b30727ac72a2707c8add3c6426eceeb22869d8c6536887ad7f0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47540 Malicious code in @sev-ui-verse/invoice-models (npm)
The package @sev-ui-verse/invoice-models was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f330a934831b8458a3b0de11c4efd1a661b00d1e2b7df7aa32b18a2278b789f3 Any computer that has this package installed or running should be considere...
Malicious code in node-validator-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2e959ea4d60fa68cfd23f7e2fee922a263bcdfbee4e19662eca073135680b91 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in scriptconfig (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3bd3ce93e4d932714fc3eccce5d02ae6e79657a46f27202ecbe3278d0414555e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in kmalohjytrgiuwdb (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 962574f0e5a8f6c92ccc5f6e84546adf0d67d10ea0b8b9a6ff2fce4616844fc7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fitbit-connect-client-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 08efae8d0db8e2e4172e8acf35605a70436f1b61b61df70ccd478b1eb14052f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in preset-modules (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bce4d502bf9ab093c7d390d5b71812207dacb59531230032226826562d298eca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @epc-apps/edge-lambdas (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fac603a15d0ab913153cc8c0364ba23ad7ed7b353172ee00e0876c3fecdbfee3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...