26 matches found
MAL-2026-5126 Malicious code in @redhat-cloud-services/frontend-components-config (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-4318 Malicious code in levex-press (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f33c109f544ebe960d2fe2880abba71a8abbbcfc1b8042ca5c5d5d9e6ac6b557 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-1302 Malicious code in @platform-growth/guidance-channel-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 851a1eb428b30069bd6ba251018b1547db4c6066228663539c2b80b07ba0061e The package @platform-growth/guidance-channel-provider was found to contain malicious code. Source: ghsa-malware...
Malicious code in pool-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 307e708d931ed9e7fc3cadd2e2daf55f69a216e6048275ae16db575e4939c805 The package pool-check was found to contain malicious code. Source: ghsa-malware 2da2c8462239a3dee4b27482f6d094115705cafcf589553f6836bc871a921ae8 Any...
MAL-2026-796 Malicious code in @rdxportal/ui-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6715dad49a0781dc55e72ae77bd13276de1564d08cfd1c0a3c3aebf37b72acc The package @rdxportal/ui-components was found to contain malicious code. Source: ghsa-malware...
Malicious code in zebracros-bahlil (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd1584c60176e7489fa7d40f80dd373fc228d0cb39052fb1e6b5e638f955d229 The package zebracros-bahlil was found to contain malicious code. Source: ghsa-malware c31864656b362790c68a366d8374f2f6ab6b6d8ddf9c04f49cca4eceee2a9e...
MAL-2025-191536 Malicious code in @wxi-dev/serverless-tsc-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2044be2f48924b1fbab5515839d24440bd12b3d7df98de95a6b0881665ab3f94 The package @wxi-dev/serverless-tsc-config was found to contain malicious code. Source: ghsa-malware...
Malicious code in @stride-mfe/wmc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 77cc9defe144c1f3b98ce1ea8f91ca33aaf789c8ed02f2ee137861782c89f711 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in referrals-landing-page (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af44c1859de435203a802f9ebc54d261a9baa1c82b581c6735726c322cff737e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in uber-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 514527f85a2deb8975f95374694c5dc8a3d09d328d3cb7adc36ea16d071367ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lito-core-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6cf4549a9eb56f566a4f9b2f25568406b0ba7ed7d72c19ef13a615c6c0cdffa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/earum-eum-doloribus (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1998979ccd43284034ee190bd05b73ca9b83b57acba6eb0a13e6c55720ccc077 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/inventore-amet (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a167e9bff33e256be00eec29557f10a0762b6462aa9fb9b9cc4f7cb6e4a5ce4c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/tenetur-hic (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b59d70f891dc92e22236b5d8ecc1a6c511540bf912ca5d593bcd23fe71e1f5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/molestiae-doloribus (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21f56175df90be2ffbf9c6be98a31dc1de3511f5c026650e903df6bf0c479f0c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zitterorg/consequuntur-voluptas (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61345ad477e00411b68037a9b448ef2e1ca0beed5818baaed551d6ea2a0dbdf5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in encodelen (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16f1c093c0c4c15a7c9e7438a370a2a3d42de41f0f6cc7a21695023e73647884 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tari-explorer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6da5a4c9da80939fd8b4009200d8e59514e1d3a5664d9b7150b27f40250a584d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-5808 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0d50b1e7740a7ec2fc82b63bf66ef1da6ef987279944519383d6e79440bccf12 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in autocomplete-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b3d22342c939ff5ef11bdb6b41a359ac46d2ba5e348d89c27cb5b66b5518f1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...