3466 matches found
MAL-2026-6019 Malicious code in @mastra/docker (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd2417620dd4f98c496cdb956e0e2cf1b55f25dcc57ad7a360f072acfa88ba9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/deployer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cbd99dea462f2f28099ae0f57cd6c89edd76f08476cd9a6265b1c23defcd2b23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/fastify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e3fd453d8d4b3cf403d6d1445b295c8de0462a463c857388fb6c800c7c897cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/dynamodb (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88f1c319acc4591df560a402378efa8b10499f62c6014e785c983eed9c256a87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5954 Malicious code in @mastra/libsql (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae3d2946dd7a5ef81d52da321aac5fce8fe40c59a844491d6e6a07c1c84b08ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in hot-validation-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76065c270ae195ee042c46a6d0ade5737992948d3f3068f367fc6bfef474ce9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fabric-graphics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a0e1c67eb156113685783efe75a2bd26718f6dcb5b63ece1f47ec01098f71fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sp-api-dev-assistant-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 41506fcb0f329d1b260c8aea68fe27eb7b648576521da211f366dc49459bc388 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in browserslist-db-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e7eebaf0ec5e5d89501d240e0e11dfd758c9a9c6bcaf74a29a2dcabf1a1f502 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5849 Malicious code in vite-configu-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7755490e331340729b0f6eab38cac0857e0aea337579950f610e728b300367fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ecto-nightly-spirit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dea0702101217f4a918a23191023bbd9e7d3b5478028bb0868341a574526e97 On npm install, postinstall.js executes unconditionally and performs three installer-harming actions. 1 It enumerates every key/value pair in...
Malicious code in ecto-spectral-leak-8d4e2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed80e7979c97935537c82692c1be6aa9fa4880f76b412057e9d8ed7d66af999f On npm install, postinstall.js executes shell commands that enumerate AWS Secrets Manager across regions aws secretsmanager list-secrets followed by...
Malicious code in ioredis-orm (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15186d98f16a0cfdcb0cac8d616ea4afc4e6d1443be464ef1a140ab79a5d5d0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in zatzdbai (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee421570e1dd748a4953205977d4b902c65acae47ebf90a91ba8c5c86a9961f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5662 Malicious code in @snowsight/debug-tooling (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ca444a9a90c96e463edeafef6a8f5ebdcc91dd128361d2b2aa42b6897cc48e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5663 Malicious code in @tenforce/toolbox-fontmap (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc43bc0434418226ca77115c791ff0ea0031a0d314e73acfe0a62686528ceaad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5661 Malicious code in @sazka/web (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f28f82bd2ace12b57cc67c8da0f065ed544157af3148f2680ca8a36c9ef01b21 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5659 Malicious code in @ngt-frontend/widgets-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea73e01bd9fd14de80da7385a457c47d65d0af138480a99f91556880fabf9d3f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5668 Malicious code in fed-callnative (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3971b7c0ac52c7cb668a8147d9774cb0f7a0b4e0bf04a59a6b55426f9c84fcf4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ozonex-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5e40322806de6c1fc8ca77941438b3481f3f12059a9c34d13645c2a4b8a82c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...