Malicious code in @mastra/docker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd2417620dd4f98c496cdb956e0e2cf1b55f25dcc57ad7a360f072acfa88ba9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @mastra/fastembed (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0da5948a94944695bcec24b99ac8a6b9ae7f5f31e8407f8c731379a6fda79c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5946 Malicious code in @mastra/editor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d15cb5bd62365f9e834fc44ed65e0db2c34aae555a5068c706cc9de0567a5fc0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5877 Malicious code in check-ulid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea848e496c2022409208a3e4a7d9b364c9437699a15554a5a1ee953d4428f230 check-ulid is a typosquat of the legitimate ulid package README is copied verbatim, homepage and bugs link to github.com/ulid/javascript whose...

MAL-2026-5850 Malicious code in vite-enhancer-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f95dc5a82c03457cbfab461f0b1775f3918589db6ac513342a1ec0dc1aacc1fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5700 Malicious code in transportator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f40d878023c5462d17916a03d22d7c2e9e1573ab590f50532aa2e620e7a5a13 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @malwguy/ecto-corsair-whisper-3d2a7c (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b95a5cb65b01f03aebc1ab713877cb963b5de2cb4ddc38c03cdb01a7e469144 On npm install, postinstall.js walks /, /app, /home, /opt, /root for files whose names match /flag|secret|env/i, reads their contents, scrapes...

Malicious code in ioredis-orm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15186d98f16a0cfdcb0cac8d616ea4afc4e6d1443be464ef1a140ab79a5d5d0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5661 Malicious code in @sazka/web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f28f82bd2ace12b57cc67c8da0f065ed544157af3148f2680ca8a36c9ef01b21 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in justgetit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6e3691bf83f31d1f1dd45e3224151455cbcf6b03acf1d50a25a96eb69ef3065 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5510 Malicious code in npmjs_web3-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b691e4c1a13cf8174fdf8653d757594f18057650310bc89e376caa806602d3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in solidity-abi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d00c844413b4c809e5d57d1952a17f67f2c72324fd379c91d5fdd8aa3fdd9da9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5492 Malicious code in xnder-wrapper-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ff6538b76e9f03f65d8f16113bb6b606a59e59c172e9facb7de6ce0b523a7fb package.json declares "postinstall": "node scripts/script.js", causing scripts/script.js to run automatically on every npm install. That file is the...

MAL-2026-5373 Malicious code in @doaction/http (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0558fc0fe6ab95434c0f041b1ed88e02039379e9052dbfd3e0faf35a8e8d5d5f Package version 9.9.9 is the canonical version-pinning marker used to outrank any private package during npm dependency resolution. The package...

EulerOS Virtualization 2.10.0 : python-ply (EulerOS-SA-2026-2062)

According to the versions of the python-ply package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

MAL-2026-5187 Malicious code in supabase (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa2bdcc065a6d4c2b1512f8b68fed22618050c0435c12890c74a2f1405c62093 Withdrawn Advisory This advisory has been withdrawn because the malware detection was a false positive. This link is maintained to preserve external...

Windows BITS Jobs Persistence Scanner

This is a Windows BITS Job auditing tool that scans all Background Intelligent Transfer Service BITS tasks using bitsadmin, then analyzes them for suspicious behavior such as executable downloads, command execution cmd.exe, powershell, and remote URLs. It classifies jobs as normal or suspicious a...

MAL-2026-5124 Malicious code in @chat-template/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90c0b7addd5c00b1a582b2097be6020f543e892e5189b58bd0ba94d94e1e5056 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @antoncallahan/aws-user-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f93a70eff01af53e3710dab5d23b991b7255e6236bc2db796097bb35ace98a6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5116 Malicious code in @redhat-cloud-services/rbac-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...