3489 matches found
Malicious code in mchain-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5249b7e6ec4cba8f4a3b2d332ec69069c1ca39eabec04a1372500ea25952280 package.json declares a postinstall hook node./src/core/index.js. That module immediately runs a top-level async IIFE that base64-decodes a URL store...
Malicious code in tailwind-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a6dd276f30733865042d929d52211583fa63323b5118d26e5cbe6219137f86d Package name 'tailwind-core' impersonates the legitimate 'tailwindcss' package, using a mimicked monorepo directory 'packages/tailwind-core' and...
Malicious code in paperclip-host-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7e57197a05889313009e318f52b5c6831e6ce6ce928553210c489433d2ef87c On npm install, package.json's postinstall executes dist/setup.js and dist/postinstall.js. The scripts read installer-side secrets — /.aws/credential...
Malicious code in vps-adapter-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 721f18c9af5bbc2ee66386230d6d7c389cf862f4e5982c65a6368117a05b2f93 On npm install, the package's declared postinstall script postinstall.js executes an end-to-end host takeover against the installing user: 1 appends ...
Malicious code in twcompose-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096d151917a14021013de8dbd595466944a677be49ee8ca4b3ed94de63d85cd9 The package's main entry point src/index.js contains heavily obfuscated JavaScript at line 138 using a classic string-array shuffle pattern while!!...
Malicious code in ts-bigtn (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3fe9cda51a9c873f69575fec5aada84c81b0b7e907d060f28d6c6e95dc381911 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6894 Malicious code in tracing-str (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466143b5f195d4924e2227921a288954ecec9ed34d52af8ff433056f5ff56903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in polymarket-onchain-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73556a574d8ee416a5440f889b73cafff3b464650d6b2b2caf4001ce15086f6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in log-format-thread (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 778c35bb8086ee3d81fc8c882aa7e47144695564bc017c2fc71022695b47601d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in bootstrap-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ac4913fc1ffcabe1ed6637abc6d532abc014683f48b341ece6127a51da15d8 The package's index.js is heavily obfuscated with classic string-array shuffling patterns e.g., while!! loops with repeated 'shift' calls and...
UBUNTU-CVE-2026-54887
Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...
Malicious code in @orbis-lr-sdk/orbis-lr-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 447ee314f32023031250cefe4570378f31d8055a02384eccecb5c288ae6e2405 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @ms-ows/logging (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b7ffaf65611a7bb55512d442ab6d19f3b1c702db0224b994e0b80df4f30e1dff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @experian-shared/services (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b9781b2089d3aeafbedfe7c81af43904472553991bd7e50695ab301d4529eaa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @gm-rvg/root-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 439c6ce041ad5226eefdab8b99045e573701e66838e908be4fa6d3b0ee6e8a7b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in serverless-leo (npm)
The serverless-leo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
Malicious code in mjs-eslint-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7e95cb81c6a1238d751c013def46001948b388083e0d91f7baa5077091ae006 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/node-speaker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d1fc45cd66b93c4e1a83c1743f1ac9ee3ebea854208b1a9cae83ee957ebfd83 @mastra/node-speaker is a PCM audio output library wrapping native mpg123 bindings. Its package.json declares 'easy-day-js' ^1.11.21 as a runtime...
Malicious code in @mastra/node-audio (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e67f59921eaf19b7b608ed824610779a1929306854008a2a1633edf67bca3b7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @mastra/voice-deepgram (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45c6269a96366ca5cb804b7078f3eb2d0306ac86335922e3b00a17db6426024c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...