MAL-2026-5110 Malicious code in jingmeideshishi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe45a0c6c68a7c9bff9135ecd725baea4558380b10e02e2ed1670f20146d6633 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4331 Malicious code in ts-typeguard-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f74d71bf9db34dbac382712020acc0d441e7921053f6664204f5bbff1906b96f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/codedagents-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7321b8eb18854f6e785ee2862e6f977f0e45ab2cfda39b5c05a3ca23a704a15c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @meli-lint/eslint-config-base-ts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

MAL-2026-88 Malicious code in evm-gateway-contracts-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4d7fcec6a0025a21ed0b14bdd643dc22965e7c3ccd6dee0bfa6bf3285b97aac The package evm-gateway-contracts-private was found to contain malicious code. Source: ghsa-malware...

MAL-2025-192640 Malicious code in tailwind-animationbased (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac7eef2c8a93c095a7c203eb12ac4dab149ff712b00eef96d4a8febb468710f0 The package tailwind-animationbased was found to contain malicious code. Source: ghsa-malware...

Malicious code in stream-xor-chain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc5f6f6ecd6b8dc9aa3f0b220d7281e20d4cdb8d668fad3b2eaf3d574b5c1803 The package stream-xor-chain was found to contain malicious code. Source: ghsa-malware 5fa72b796385b0370be584212f5220a4a6e6960e840a4e700b2df2f99e7be1...

Malicious Package

Overview nodenetbanxsdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in react-jam-icons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 369fe7c56e5f271a31e023cbe36323fc11043fc4747d0309c5c48aaa1eedf822 The package react-jam-icons was found to contain malicious code. Source: ghsa-malware 1c50426946a6dd92cf360d347aa3ed8f15988f3655c7721aff8dd0b8ff8e946...

Malicious Package

Overview cooler-loans-api-get is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in redirect-lxzc6c (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 152ea118e8feb44e1e4570368be0ca17a3bff2c77ba32e612ff9bdc5fd0fe077 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47924 Malicious code in eslint-plugin-paysafe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aeeeb3008c1c25d409de0b1ddd06dec1567d3ddb75c311c718aeafd606e5f24f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview plonkscript-ui-project is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

Malicious code in @sev-ui-verse/event-tracking (npm)

The package @sev-ui-verse/event-tracking was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 456d3a4ed1bb864eafcf6a65c30be392f9dc9ac1342ab0c1cd51cc463f11ff7f Any computer that has this package installed or running should be considere...

Malicious Package

Overview envs-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

CVE-2025-43356

A flaw was found in WebKitGTK. A malicious website can obtain access to sensor information without user consent due to improper handling of caches. Mitigation Do not visit untrusted websites. Also, do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the...

Malicious code in tvi-cli (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f78946397af9b739b00884d97f406ea16405f5558af770d05400083fd26e7061 Any computer that has this package installed or running should be considered fully compromised. All...

Malicious code in moodle-core_filepicker (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 949643a56d52397b063c5839facff57f6727e833e3f48ffaa24500c64ac29d53 Any computer that has this package installed or running should be considered...

Malicious Package

Overview @kodane/patch-manager is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2025-4927 Malicious code in ods-core-v1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c864e00fb5ed04b7160b6804c91bddefa43500c877ad9e889fdc397f89c35721 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...