102 matches found
Malicious code in is-really-odd (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7f205432fff885dce7a6dee0e8d1267c65944d3e486abd566683caeaad833692 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mx-shared/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80722921f3ba7863b8f28031aa4edf777ce8e270fab10bcead75016a286cb125 The package @mx-shared/utils was found to contain malicious code. Source: ghsa-malware 30ead10eaa18cee42152061c23ee9a84c465e687911f78dd1ae0c613f1c2b1...
Malicious code in @emilgroup/billing-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08d6e9b450a96ca7b1280b8799dd80c62762d7025a50ea25eabf80c69eb0bb9e The package @emilgroup/billing-sdk-node was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1519 Malicious code in import-newlines (npm)
The package 'import-newlines' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in whop-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 943bd287cb6375798fdee15ba33f85737201ea9934952ee5d1f2a2336e8cd65c The package whop-sdk was found to contain malicious code. Source: ghsa-malware 4c3e9ca78194532c222b978afd00f7bb4be1ca1ba6cd442e1892d17ee6e67ccc Any...
MAL-2026-1185 Malicious code in @bookings.microsoft.com/s (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa10e8f4ab4580d4d9aedaee9a9e0c036b3248364f0680727df6871025d7e2f9 The package @bookings.microsoft.com/s was found to contain malicious code. Source: ghsa-malware...
MAL-2026-767 Malicious code in 0xhash-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6533d0ccd6be4affddc7247e6f5e925ac35fbe47d877eb2cc0ace6e493acc497 The package 0xhash-utils was found to contain malicious code. Source: ghsa-malware df192d86e51f442508e66c54064ef3c8d9c2cbe92133f87a522bc968dc4f6f45 A...
Malicious code in victim-package-b (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 152e8188fd82f0ea4ee410d725bb96ab33af5767241fcefb555ef8dfaffd39bf The package victim-package-b was found to contain malicious code. Source: ghsa-malware 324aadc54f696916c968e82f4704d088384eab1ce76c08f2a3d3d0aa59fece...
MAL-2026-70 Malicious code in @shop-cicd/webpack-package-artifact (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ee6154f54d35f10e1bca4b64111deef6ab6c43c9ea291a7adfac091b7334ab0 The package @shop-cicd/webpack-package-artifact was found to contain malicious code. Source: ghsa-malware...
MAL-2025-192978 Malicious code in tailwindcss-typography-style (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f2e4636e4f08bc04591afc5b27fce2e03dea82a9883b2dc8092a6f23fa6f55d The package tailwindcss-typography-style was found to contain malicious code. Source: ghsa-malware...
Malicious code in @lui-ui/lui-nuxt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aeaeb0138ac2e77901a8360aeeeec1038e7da06fabc4c4726a6fb2060f8d01b5 The package @lui-ui/lui-nuxt was found to contain malicious code. Source: ghsa-malware 7914345d453dc4753973e462d6f8e4cbd4d25656c98b9a22f073c9fdddb715...
Malicious code in @chatclub/claude-code (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6acfccb78a615c7f037fe5dbd1001d9a77ca4015c89c94122ba5dd78978b66b The package @chatclub/claude-code was found to contain malicious code. Source: ghsa-malware...
MAL-2025-48540 Malicious code in @jd-org/clear-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d6d11360da81f86749d64e1c01171518474b7c636f9f729440f0a79dd1608e37 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in matrix-charts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec928e940d4a9d80d7e512630b842c44283854acb9421a3ecb97c288f07fb7a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48214 Malicious code in redirect-sjcr8c (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1da0d4954d047b798675a52af826b4e894dcd3088d0199abbb6c906cc820d19d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in solarpeng_node_eval4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eeb42c5e6381f2debe4e94826c8e1a29e0b0d730abf69e5ca521d768cde1ea04 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-46985 Malicious code in color (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3507ec02d0eb24c87e1f7621140bb5e6a4a343308e7ee8af79ef7f84617f8577 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fe-hoc-theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9891a9fd86134f0ca17dba8224c55c0e4ad7b0dbf8f5c61cce17218515d60f92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in athira-windows-x64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d29372690a56d28aaf32363029d85a2f0f5b5eddbe8a7a2bb62435171567b354 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mfe-react-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f7835d0f6b232544302030371ac74d4c595860a04736a2ef54259a32993f9c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...