8718 matches found
MAL-2026-10390 Malicious code in timmytuffknuckles9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 342d7a44db99769023685647376a6042d5a9b345c281826484c9d88561f245ca Package is not a Node library — package.json declares main: sw.js, a browser Service Worker whose first line calls importScripts'./8cfc2/hgshm.js'...
Malicious code in ratelimitsucks6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ebbee718bfa55eada8a2d56c9ea228e7b661364827e71995fd456027df7eedb The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
MAL-2026-6129 Malicious code in abuden22 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c6b2d1b9158b6a3652850cdee84fd448567fc6d8187e685ee0b85eb8d594f57 The tarball contains a static-site bundle index.html, obfuscated asset chunks, service worker sw.js, and the MercuryWorkshop/Scramjet web-proxy bundl...
Malicious code in abuden22 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c6b2d1b9158b6a3652850cdee84fd448567fc6d8187e685ee0b85eb8d594f57 The tarball contains a static-site bundle index.html, obfuscated asset chunks, service worker sw.js, and the MercuryWorkshop/Scramjet web-proxy bundl...
MAL-2026-6130 Malicious code in abuden221 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbd19b84f2238fb96214c792d294b1ac0e114103c238ddf040a7960377d78f90 The tarball is a static-site / web-proxy build index.html, /assets/.js bundles with obfuscated names, a.well-known/discord verification file, brandin...
MAL-2026-6128 Malicious code in abuden218 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e1df12b592dc442d5266d4244831fd0b6ceb94c0960a26815f5fad3246b828 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
MAL-2026-5937 Malicious code in abuden21 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4db5b16c4a10377beb73341758a26afed16a44d377dc03009601f610dd289b22 The tarball ships auto-publish.sh, which iterates a hardcoded list of 90 unrelated package names imillegal1..N, ishowfeet, nottuff, abuden,...
MAL-2026-5938 Malicious code in speed4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0766e347295e7a13e0604a89de30f662a24b690598f1e4b01edaac5400178347 [email protected] is not a functional Node package. package.json declares main: sw.js, but sw.js is a browser ServiceWorker importScripts'./8cfc2/hgshm.js...
Malicious code in nottuff23 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41d429b099904a530f5dc4dfdd4724b7b6160c1de1330e0b103e8b8e3c737dfd The package is one of approximately 100 identically-named-pattern publishes from an automated bulk-publish operation. The tarball ships...
MAL-2026-5916 Malicious code in nottuff25 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 238a4f56f3433bf34de372e9a26264a33e33c6bde8592ddc73594d33ab7427f0 The tarball is not a Node library. package.json declares main: sw.js with description "package" and an empty author; sw.js is a browser ServiceWorker...
Malicious code in nottuff25 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 238a4f56f3433bf34de372e9a26264a33e33c6bde8592ddc73594d33ab7427f0 The tarball is not a Node library. package.json declares main: sw.js with description "package" and an empty author; sw.js is a browser ServiceWorker...
CVE-2026-45578 WWBN AVideo Live: OS command injection in on_publish.php execAsync via unescaped m3u8 URL
WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...
Malicious code in @kruzer/lib-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1bb1f66615de2b0b161721218d2bff4bb0e7100b5cb28b764fcc2e6f1ee671f The published tarball's package.json contains a hardcoded npm registry auth token embedded in the build:publish script: npm publish --tag alpha...
Malicious code in darkenergy-janus-firebase-chalk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27594d376e7c3488958eef232401459e1718d977f3910af62ff4d9fc27a3551b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in got-nightwatch-despina-react-bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7336b107d179e0bff64553a286b8968070d2f42a5453b4c4ffc25c5a3be02ee7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cosmiconfig-perseus-redgiant-apollo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8cabf74a61f50af9ee6fb8098d25d2c08526d5b73a3c74ec59e714ad4cb37b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in neptune-ganymede-thermochronology-got (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed4e9551588f4666d68b5184e2a3093928f49745bb6e66a6690de97e4ac938ae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lithosphere-quark-mesosphere-cache (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e00a6e66fb35724cd066f57229bbc6ba22c9e15e1a62650e159ca4befcb76544 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in procyon-mesosphere-gemini-arcturus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1617fe95d5c3a6b0a11e412e1cc9bf89b5a7629f0457231d8eaa6e8791af360e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in runtime-stack-awk-visualize-monitor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29f5a4b7134730bc0468b4baf98a46892732f059846e6f73260ec464ed7e041f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...