MAL-2025-5284 Malicious code in meuhq (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a603acb3997e3395851edc9bc2cb0812dff4a2eb9a5f0bf87aa6b5bc229a0097 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4544 Malicious code in @mc-donate/donateweb (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9325722a4b74dc591b6e7655a9bd06db9dff5b54b68de22c24fd2b38d03743ae Any computer that has this package installed or running should be considered...

PT-2025-20206 · Unknown · Ilmosys Open Close Woocommerce Store

Name of the Vulnerable Software and Affected Versions: ilmosys Open Close WooCommerce Store versions 4.9.5 and earlier Description: The issue is a Path Traversal vulnerability that allows PHP Local File Inclusion. This can be exploited to steal database credentials. There have been no reported...

PT-2022-37378 · Pypi · Democritus-Networking +1

Name of the Vulnerable Software and Affected Versions: d8s-ip-addresses version 0.1.0 Description: The d8s-ip-addresses package for python, distributed on PyPI, contains a potential code-execution backdoor. This backdoor is attributed to the democritus-networking package, which was inserted by a...

MAL-2022-145 Malicious code in @boosted-bounty/worker-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ac65616ab3b9d1e93325395ea4c9ba6d80038c09981499071d41d8039cba4a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-299 Malicious code in @grubhubprod/mochi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 082e82d92950ed7e74f32c77471c1ff88720343ca31adb94676a844f1dc0a1d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-263 Malicious code in @fbpay/merchant-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff532b8bb4d8394da283651d098a5f4b99d05a8cb40e0417ea040d71fc80b35b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-6975 Malicious code in vscode-dependency-confusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0594ce1325ddf78cf55fd02ddf63243a2645252bc5eb813b2f60faabf444f87a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1675 Malicious code in brave-research-participation-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aabb0d4d11817436c523cc8b6a7cec461ac62c46889ef22bddae8fb9a66a6e4d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview The package xpc.js contained malicious code. The package ran a postinstall script that executes two.exe files containing Trojan malware. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

Malicious Package

Overview twilio-npm opened a reverse shell to a remote server as a postinstall script. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different compute...

Malicious Package in bictoin-ops

All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated...

Malicious Package in babel-loadre

All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated...

Malicious Package in ks-sha3

Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...

Malicious Package in js-sha7

Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...

Malicious Package in fuffer-xor

Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...

Malicious Package in buffe2-xor

Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...

GHSA-8549-P68H-M9MC Malicious Package in buffdr-xor

Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...

GHSA-W9Q5-MVC6-5CW3 Malicious Package in bufder-xor

Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...

GHSA-WXRM-2H86-V95F Malicious Package in pizza-pasta

Version 1.0.3 of pizza-pasta contains malicious code as a install scripts. The package created folders in the system's Desktop and downloaded an image from imgur.com. The package also printed the users SSH keys to the console. Recommendation Remove the package from your environment. There are no...