MAL-2026-4864 Malicious code in @car-loans/application-aff (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

Malicious code in @car-loans/show-car-year-module (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

Malicious code in @car-loans/online-sign-aff (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

Malicious code in @godscene/web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1bd83a63f0426cc7c4e1a68886c36ff47de093d9b7edc6b410d16c928be50c1 Package @godscene/[email protected] is a re-bundled copy of the legitimate @midscene/web at the same version, preserving the original description, README,...

CVE-2026-28447

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files...

EUVD-2025-36406

Malicious code in @jameson777/mytest6 npm...

Malicious code in @lbnqduy180500/probable-funicular (npm)

The package @lbnqduy180500/probable-funicular was found to contain malicious code...

MAL-2025-42316 Malicious code in @crabas0npm/neque-quos-sequi (npm)

The package @crabas0npm/neque-quos-sequi was found to contain malicious code...

MAL-2025-41482 Malicious code in @twork-data-services/company-overdraft (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-8621 Malicious code in @malware-test-eloin-sneer-hairy-veery/test-mlw3-eloin-sneer-hairy-veery (npm)

The package @malware-test-eloin-sneer-hairy-veery/test-mlw3-eloin-sneer-hairy-veery was found to contain malicious code...

Malicious code in @malware-test-ovine-mobby-grant-sadhe/test-mlw3-ovine-mobby-grant-sadhe (npm)

The package @malware-test-ovine-mobby-grant-sadhe/test-mlw3-ovine-mobby-grant-sadhe was found to contain malicious code...

Malicious code in @malware-test-herms-teats-virtu-curia/test-mlw3-herms-teats-virtu-curia (npm)

The package @malware-test-herms-teats-virtu-curia/test-mlw3-herms-teats-virtu-curia was found to contain malicious code...

Malicious code in @malware-test-rugby-miasm-weest-halva/test-mlw3-rugby-miasm-weest-halva (npm)

The package @malware-test-rugby-miasm-weest-halva/test-mlw3-rugby-miasm-weest-halva was found to contain malicious code...

Malicious code in @malware-test-macer-studs-xebec-salon/test-mlw3-macer-studs-xebec-salon (npm)

The package @malware-test-macer-studs-xebec-salon/test-mlw3-macer-studs-xebec-salon was found to contain malicious code...

MAL-2025-9085 Malicious code in @malware-test-yucca-moras-pekes-lades/test-mlw3-yucca-moras-pekes-lades (npm)

The package @malware-test-yucca-moras-pekes-lades/test-mlw3-yucca-moras-pekes-lades was found to contain malicious code...

MAL-2025-8694 Malicious code in @malware-test-gulls-soums-chape-layer/test-mlw3-gulls-soums-chape-layer (npm)

The package @malware-test-gulls-soums-chape-layer/test-mlw3-gulls-soums-chape-layer was found to contain malicious code...

MAL-2025-9498 Malicious code in @teamteanpm2024/architecto-reiciendis-iusto (npm)

The package @teamteanpm2024/architecto-reiciendis-iusto was found to contain malicious code...

MAL-2025-8674 Malicious code in @malware-test-glens-stink-blare-laser/test-mlw3-glens-stink-blare-laser (npm)

The package @malware-test-glens-stink-blare-laser/test-mlw3-glens-stink-blare-laser was found to contain malicious code...

MAL-2025-8451 Malicious code in @malware-test-afire-amass-hover-boxer/test-mlw3-afire-amass-hover-boxer (npm)

The package @malware-test-afire-amass-hover-boxer/test-mlw3-afire-amass-hover-boxer was found to contain malicious code...

MAL-2025-8920 Malicious code in @malware-test-slish-yolky-pones-hokum/test-mlw3-slish-yolky-pones-hokum (npm)

The package @malware-test-slish-yolky-pones-hokum/test-mlw3-slish-yolky-pones-hokum was found to contain malicious code...