142 matches found
EUVD-2025-198912
Malicious code in @postman/wdio-junit-reporter npm...
EUVD-2025-198920
Malicious code in @postman/pm-bin-macos-x64 npm...
EUVD-2025-198922
Malicious code in @postman/pm-bin-linux-x64 npm...
MAL-2025-190905 Malicious code in @postman/pm-bin-macos-x64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7af6b141ac3ae548c7fadfe1523b270a35c69e8f5c20035f682e9ee726f1bdec The package @postman/pm-bin-macos-x64 was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190909 Malicious code in @postman/postman-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7c276129c0d99cb4f8aa63e9f3911b1f38145837396ac3b00ba48533a6050b8 The package @postman/postman-mcp-server was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190911 Malicious code in @postman/secret-scanner-wasm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5d1604689ef91985fbc1fe9f8958eb7a50835e71b7cfa4125de687ca37c2d19 The package @postman/secret-scanner-wasm was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190904 Malicious code in @postman/pm-bin-macos-arm64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9784306ff54e49967977f9fc58b5d335de3a19434cc7d7d277ee8097ef3079d The package @postman/pm-bin-macos-arm64 was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190910 Malicious code in @postman/pretty-ms (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2d31f7cbd143304b0472244ba5f73daa6e96abbc923b854d2736c5ea7807d16 The package @postman/pretty-ms was found to contain malicious code. Source: google-open-source-security...
Malicious code in @postman/pm-bin-macos-x64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7af6b141ac3ae548c7fadfe1523b270a35c69e8f5c20035f682e9ee726f1bdec The package @postman/pm-bin-macos-x64 was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-198916
Malicious code in @postman/postman-mcp-server npm...
@collegedunia/newman-mocha (>=0.0.1 <=0.1.1), @dineshparne/postman-cli (>=1.0.0 <=1.0.5) +24 more potentially affected by unknown CVE via @postman/csv-parse (=4.0.2)
@postman/csv-parse NPM version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @postman/csv-parse and may be impacted: - @collegedunia/newman-mocha =0.0.1, =1.0.0, =1.0.0, =0.0.2, =1.1.1-beta.1, =1.0.34, =4.5.5, =1.0.0, =1.0.0, =1.0.2, =1.0.0,...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
postman-cli (>=1.16.0-canary.1 <=1.24.2) potentially affected by unknown CVE via @postman/pm-bin-macos-arm64 (>=1.16.0-canary.1 <=1.24.2)
@postman/pm-bin-macos-arm64 NPM version =1.16.0-canary.1, =1.16.0-canary.1, =1.24.2 Source cves: unknown CVE Source advisory: SNYK:JS-POSTMANPMBINMACOSARM64-14103293...
postman-cli (>=1.16.0-canary.1 <=1.24.2) potentially affected by unknown CVE via @postman/pm-bin-macos-x64 (>=1.16.0-canary.1 <=1.24.2)
@postman/pm-bin-macos-x64 NPM version =1.16.0-canary.1, =1.16.0-canary.1, =1.24.2 Source cves: unknown CVE Source advisory: SNYK:JS-POSTMANPMBINMACOSX64-14103294...
postman-cli (>=1.16.0-canary.1 <=1.24.2) potentially affected by unknown CVE via @postman/pm-bin-linux-x64 (>=1.16.0-canary.1 <=1.24.2)
@postman/pm-bin-linux-x64 NPM version =1.16.0-canary.1, =1.16.0-canary.1, =1.24.2 Source cves: unknown CVE Source advisory: SNYK:JS-POSTMANPMBINLINUXX64-14103292...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
postman-cli (>=1.16.0-canary.1 <=1.24.2) potentially affected by unknown CVE via @postman/pm-bin-windows-x64 (>=1.16.0-canary.1 <=1.24.2)
@postman/pm-bin-windows-x64 NPM version =1.16.0-canary.1, =1.16.0-canary.1, =1.24.2 Source cves: unknown CVE Source advisory: SNYK:JS-POSTMANPMBINWINDOWSX64-14103295...
EUVD-2025-198801
Malicious code in @postman/node-keytar npm...
Malicious code in @postman/node-keytar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f4c8023740ffdaef4872c662f4f7be6f3258a479dfb93494adda9c170fa4818 The package @postman/node-keytar was found to contain malicious code. Source: ghsa-malware...