MAL-2026-3784 Malicious code in babel-6-compatibility-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d77f7edebabddc5ea0e09c0b1df9b7277a2645a506618cad4e4ee0340db67efe The package babel-6-compatibility-utils was found to contain malicious code. Source: ghsa-malware...

CVE-2026-22728 sealed-secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations

Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...

MAL-2025-190719 Malicious code in @asyncapi/nodejs-ws-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06529fc17471f54f2c0fc317bca64f4b01fa049862dd2ce5863b33db8445b7ed The package @asyncapi/nodejs-ws-template was found to contain malicious code. Source: ghsa-malware...

Malicious code in redirect-n06xhl (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c0ba3993bfc06f9b6d17af5f983bc485d686259595efa583d0f0b7e459a8bc9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in angieslist-office-app-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ef02b48854bea0c3c7e012377ff6e37a2ca9b371c56552ac87a3ec84a8ec098 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...