3471 matches found
Malicious code in paperclip-host-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7e57197a05889313009e318f52b5c6831e6ce6ce928553210c489433d2ef87c On npm install, package.json's postinstall executes dist/setup.js and dist/postinstall.js. The scripts read installer-side secrets — /.aws/credential...
Malicious code in vps-adapter-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 721f18c9af5bbc2ee66386230d6d7c389cf862f4e5982c65a6368117a05b2f93 On npm install, the package's declared postinstall script postinstall.js executes an end-to-end host takeover against the installing user: 1 appends ...
MAL-2026-6894 Malicious code in tracing-str (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466143b5f195d4924e2227921a288954ecec9ed34d52af8ff433056f5ff56903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
UBUNTU-CVE-2026-54887
Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...
Malicious code in serverless-leo (npm)
The serverless-leo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
MAL-2026-6019 Malicious code in @mastra/docker (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd2417620dd4f98c496cdb956e0e2cf1b55f25dcc57ad7a360f072acfa88ba9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/deployer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cbd99dea462f2f28099ae0f57cd6c89edd76f08476cd9a6265b1c23defcd2b23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/fastify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e3fd453d8d4b3cf403d6d1445b295c8de0462a463c857388fb6c800c7c897cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/dynamodb (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88f1c319acc4591df560a402378efa8b10499f62c6014e785c983eed9c256a87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5954 Malicious code in @mastra/libsql (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae3d2946dd7a5ef81d52da321aac5fce8fe40c59a844491d6e6a07c1c84b08ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in hot-validation-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76065c270ae195ee042c46a6d0ade5737992948d3f3068f367fc6bfef474ce9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fabric-graphics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a0e1c67eb156113685783efe75a2bd26718f6dcb5b63ece1f47ec01098f71fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sp-api-dev-assistant-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18b5b59005300a7a8612a3bf36d3707df573ac722e94e52a3854844345d63745 Package contains only package.json and README.md, with the README explicitly stating it is a proof-of-concept squatting an unclaimed npm name that wa...
Malicious code in browserslist-db-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e7eebaf0ec5e5d89501d240e0e11dfd758c9a9c6bcaf74a29a2dcabf1a1f502 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5849 Malicious code in vite-configu-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7755490e331340729b0f6eab38cac0857e0aea337579950f610e728b300367fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ecto-nightly-spirit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dea0702101217f4a918a23191023bbd9e7d3b5478028bb0868341a574526e97 On npm install, postinstall.js executes unconditionally and performs three installer-harming actions. 1 It enumerates every key/value pair in...
Malicious code in ecto-spectral-leak-8d4e2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed80e7979c97935537c82692c1be6aa9fa4880f76b412057e9d8ed7d66af999f On npm install, postinstall.js executes shell commands that enumerate AWS Secrets Manager across regions aws secretsmanager list-secrets followed by...
Malicious code in ioredis-orm (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15186d98f16a0cfdcb0cac8d616ea4afc4e6d1443be464ef1a140ab79a5d5d0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in zatzdbai (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee421570e1dd748a4953205977d4b902c65acae47ebf90a91ba8c5c86a9961f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5661 Malicious code in @sazka/web (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f28f82bd2ace12b57cc67c8da0f065ed544157af3148f2680ca8a36c9ef01b21 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...