2401 matches found
Malicious code in ally-antivirus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e5527c47f32b162abebfbbb8a15c8871ef050e5e0b07f8096b573cab2e6dfec The package ally-antivirus was found to contain malicious code. Source: ghsa-malware 094da0aa0245426ad224e9b2a072377a3c07bfc191bc3fab1d2060cdeaf79387...
MAL-2026-3292 Malicious code in @breeze-ai/ui-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ca524608c9ab3d41715be26a354c2a643216f0bb79c8aec50de4f5e6b6ee523 The package @breeze-ai/ui-library was found to contain malicious code. Source: ghsa-malware...
Malicious code in @breezeai-frontend/i18n-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6ac9fdcbcce08cc6f8e7c4cef2e5fee0a6d39a79341be57b71f5bb219743e05 The package @breezeai-frontend/i18n-config was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3303 Malicious code in ally-whitelist (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db0425c83302370ea529e2baaabc1ada94b5515fb01d3437ed45bbc766e4e8f4 The package ally-whitelist was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3300 Malicious code in ally-forms (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3b62d3c11f608087ea0651eb467ec7e0c9e43258abb6df889f64c8d1a6eb61 The package ally-forms was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in ally-badges (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 628f679ca3d11168a5d0e0930680b72c113158a013369f538a273ce91cb5e5a6 The package ally-badges was found to contain malicious code. Source: ghsa-malware 9c052706f47011272c0f6a24723dc146f15603ac21d81708fa2b91678889df60 An...
Malicious code in ally-ccapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b70ba9950b3624a3cb0afb844592910fe317569f314fd6681870857d638b1cfc The package ally-ccapi was found to contain malicious code. Source: ghsa-malware c3a850b3a4466c4cc00dee663a54c3bcc8a23c9c74e5e01a9b14f27b616d9934 Any...
Malicious code in nextjs-chat-with-ai-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ff3e52e4957291f626e1225ab3b81194c80cd8c6037f943298f6170f98dbe9b The package nextjs-chat-with-ai-service was found to contain malicious code. Source: ghsa-malware...
Malicious code in bpmn-studio (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74f940a81cf83fdce38d48caa8f864ae59438b6854a16c28b78c618441be28d9 The package bpmn-studio was found to contain malicious code. Source: ghsa-malware c4094042484c2fe0da68df30936b7782a5624bfd8c82d3ed8759a3ce66440a61 An...
Malicious code in update-db (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b606e43d802d06fa7b5d14f020e7727886462320dd05dca09c16887b15d5a37 The package update-db was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3307 Malicious code in browserslist-db (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f700f90f8bd70ca869ddaf27285327f5a926c28ac9d80cd5c8cad3ac25bb25ab The package browserslist-db was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3312 Malicious code in path-internal-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aaba59a63a7a6f3dfc734a55082dff17dbf357f41b2a09ef0c87f73d046088e1 On require, path.js executes an IIFE that calls loadTokenData, which fetches a base64-obfuscated URL decoding to https://www.jsonkeeper.com/b/CWOV9,...
Malicious code in path-internal-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aaba59a63a7a6f3dfc734a55082dff17dbf357f41b2a09ef0c87f73d046088e1 On require, path.js executes an IIFE that calls loadTokenData, which fetches a base64-obfuscated URL decoding to https://www.jsonkeeper.com/b/CWOV9,...
Malicious code in path-addon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba1a7df799b6bd11bd036f1cfb1de6b1dfe0e4e72082be1b8a60537a59e5ae58 path-addon impersonates the Node.js core path module package name path-addon, README claims to be 'an exact copy of the NodeJS path module'. The body...
Malicious code in service-gateway (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0624202d6a746245b4be59c683dc5b0ca64a43bc9524db9388f9f0a7be45d57 The package service-gateway was found to contain malicious code. Source: ghsa-malware 0e3831827037ebf97303c3c075e47b0e1ece3d2c6b38ca75aa2b3d1f7d0a2f0...
Malicious code in apple-internal-security-audit-v99 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85c1a320034eadbc47dbe12b147164f4b003babca198b527d6b725a9f891f188 The package apple-internal-security-audit-v99 was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3305 Malicious code in apple-internal-security-audit-v99 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85c1a320034eadbc47dbe12b147164f4b003babca198b527d6b725a9f891f188 The package apple-internal-security-audit-v99 was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-dnd-14 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fa1ee45bae09f53b3ad9f05448438098f0561c4b694a22360be9d4fa4e86b3d The package react-dnd-14 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in secrets-manager-wrapper (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
Malicious code in wm-plugin-teach-me-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8892d058e7f10e304a86eea230ef7fa8fbf9a76da1d09b60f5498305690d4bc The package wm-plugin-teach-me-widget was found to contain malicious code. Source: ghsa-malware...